LinuxQuestions.org

gauge73 08-09-2005 03:00 PM

tcpdump question
 
I have a quick question about tcpdump. I'm having an issue with a particular email client not being able to start a STARTTLS connection with my email server. I want to view the entire connection using tcpdump. I tried using the following command to write it to a file:

tcpdump -i eth1 dst port 25 -w <temporary filename>

When displaying the results of the temporary file, it was mostly gibberish. I could see the EHLO command and the QUIT command, but that was about it. How should I be viewing this such that it makes sense? Or do I have the tcpdump command wrong?

scuffell 08-09-2005 04:21 PM

Hang on, isn't the idea of TLS that it encrypts the data so that when packet sniffers look, they only see gibberish?

If I'm getting the wrong end of the stick, then try a

tcpdump -X -vvv -i eth1 dst port 25 -w <temporary filename>

instead

gauge73 08-09-2005 04:37 PM

What I'm looking for specifically is to see that the STARTTLS command is being sent by the user's client. I can't see it amongst the gibberish, but that doesn't mean it's not there. I will try the command you suggested.

I was also asking just for my own personal information. I foresee myself troubleshooting an FTP issue in the future as well, which, of course, won't be encrypted.
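
A file written with `tcpdump -w` is binary pcap, so it has to be read back by a tool rather than viewed directly. The following is an added example, not code from any poster in this thread: it walks a capture and lists the text lines sent to port 25 up to STARTTLS. The helper names, addresses and sample capture are constructed, and it assumes Ethernet/IPv4 frames with one SMTP command per TCP segment.

```python
import struct

def client_smtp_lines(pcap, port=25):
    """Return (lines, saw_starttls) for text sent to `port`, stopping at STARTTLS."""
    if pcap[:4] == b"\xd4\xc3\xb2\xa1":
        e = "<"                           # little-endian capture file
    elif pcap[:4] == b"\xa1\xb2\xc3\xd4":
        e = ">"                           # big-endian capture file
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack(e + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) is handled")
    lines, off = [], 24
    while off + 16 <= len(pcap):
        incl = struct.unpack(e + "I", pcap[off + 8:off + 12])[0]
        frame, off = pcap[off + 16:off + 16 + incl], off + 16 + incl
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                      # keep only IPv4 + TCP
        tcp = 14 + (frame[14] & 0x0F) * 4
        if len(frame) < tcp + 20 or frame[tcp + 2:tcp + 4] != struct.pack("!H", port):
            continue                      # truncated, or not "dst port 25"
        ip_end = 14 + struct.unpack("!H", frame[16:18])[0]
        data = frame[tcp + (frame[tcp + 12] >> 4) * 4:ip_end]
        for raw in data.split(b"\r\n"):   # assumes one command per segment
            if raw:
                lines.append(raw.decode("ascii", "replace"))
                if raw.strip().upper() == b"STARTTLS":
                    return lines, True    # later payloads are TLS records
    return lines, False

def build_frame(dport, payload):          # constructed frame, checksums left zero
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 25]))
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 0x50, 0x18, 8192, 0, 0)
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp + payload

def build_pcap(frames):                   # constructed classic pcap container
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

SAMPLE = build_pcap([build_frame(25, b"EHLO client.example\r\n"),
                     build_frame(40000, b"250 STARTTLS\r\n"),  # not to port 25
                     build_frame(25, b"STARTTLS\r\n"),
                     build_frame(25, b"\x16\x03\x01\x00\x05hello")])  # TLS bytes

if __name__ == "__main__":
    print(client_smtp_lines(SAMPLE))
```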


All times are GMT -5.