Prueba
This document was uploaded by user and they confirmed that they have the permission to share it. If you are author or own the copyright of this book, please report to us by using this DMCA report form. Report DMCA
Overview
Download & View Prueba as PDF for free.
More details
- Words: 3,119
- Pages: 7
The objective of this lab is to check the commands used bySMTP, POP3 and IMAP protocols to send/receive emails. Note that to download your inbox you have two options, IMAP and POP3. Both should be tested. You will have to do the following: 1. Install/configure an email client software (outlook express) in your local host and work against the server provided by the teachers. 2. Capture the traffic generated when transmitting/receiving emails. 3. List and explain the purpose of the commands used by the protocols. 4. Repeat the task but using the command line (telnet). Is there any difference? Why? 5. Upload the results by Friday, November 27 (23:55 Brussels time). Note that the server will be available ONLY during Tuesday's class hours. Server info (this may vary): · 172.17.111.116 · Users/paswords: grupo1/grupo1 , grupo2/grupo2… · Email accounts: [email protected]… Reference: · http://www.yuki-onna.co.uk/email/
Index
IMAP....................................................................................................................................................2 Outlook (IMAP)...............................................................................................................................2 Recive...........................................................................................................................................2 Conclusions..................................................................................................................................4 POP.......................................................................................................................................................4 Outlook (POP)..................................................................................................................................4 Recive...........................................................................................................................................4 Send..............................................................................................................................................5 Telnet....................................................................................................................................................6 Recive (POP)....................................................................................................................................6 Conclusions..................................................................................................................................9 Send (SMTP)....................................................................................................................................9 Conclusions................................................................................................................................11 Conclusions
2
IMAP Outlook (IMAP) Recive Only IMAP message 4 0.008415 172.17.111.3 172.17.110.114 IMAP Response: * OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE ACL ACL2=UNION] CourierIMAP ready. Copyright 1998-2005 Double Precision, Inc. See COPYING for distribution information. 5 0.009777 172.17.110.114 172.17.111.3 IMAP Request: uyo8 CAPABILITY 7 0.010463 172.17.111.3 172.17.110.114 IMAP Response: * CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE ACL ACL2=UNION • The CAPABILITY command requests a listing of capabilities that the server supports 8 0.010540 172.17.110.114 172.17.111.3 IMAP Request: lfus LOGIN "grupo4" "grupo4" • Login command with name and password 9 0.034363 172.17.111.3 172.17.110.114 IMAP Response: lfus OK LOGIN Ok. 10 0.034429 172.17.110.114 172.17.111.3 IMAP Request: sd73 IDLE 11 0.037432 172.17.111.3 172.17.110.114 IMAP Response: + entering idle mode • To maintain the conetion with server 12 0.037488 13 0.040240 14 0.040327 15 0.047830 •
172.17.110.114 172.17.111.3 172.17.110.114 172.17.111.3
172.17.111.3 172.17.110.114 172.17.111.3 172.17.110.114
IMAP IMAP IMAP IMAP
Request: DONE Response: sd73 OK IDLE completed Request: nfyr STATUS "INBOX" (MESSAGES UNSEEN) Response: * STATUS "INBOX" (MESSAGES 2 UNSEEN 1)
We can see the msg that are unread
16 0.047986 172.17.110.114 172.17.111.3 IMAP Request: 6uwx IDLE 18 0.051749 172.17.111.3 172.17.110.114 IMAP Response: + entering idle mode 23 0.062897 172.17.111.3 172.17.110.114 IMAP Response: * OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE ACL ACL2=UNION] CourierIMAP ready. 24 0.064234 172.17.110.114 172.17.111.3 IMAP Request: 3dwp CAPABILITY 26 0.064812 172.17.111.3 172.17.110.114 IMAP Response: * CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE ACL ACL2=UNION 27 0.064886 172.17.110.114 172.17.111.3 IMAP Request: d78u LOGIN "grupo4" "grupo4" 28 0.088681 172.17.111.3 172.17.110.114 IMAP Response: d78u OK LOGIN Ok. 29 0.088763 172.17.110.114 172.17.111.3 IMAP Request: x4t4 IDLE 30 0.091706 172.17.111.3 172.17.110.114 IMAP Response: + entering idle mode 31 0.091763 172.17.110.114 172.17.111.3 IMAP Request: DONE 32 0.094566 172.17.111.3 172.17.110.114 IMAP Response: x4t4 OK IDLE completed 33 0.094625 172.17.110.114 172.17.111.3 IMAP Request: ajvp SELECT "INBOX" • The SELECT command selects a mailbox so that messages in the mailbox can be accessed 34 0.101485 172.17.111.3 172.17.110.114 IMAP Response: * FLAGS (\Draft \Answered \Flagged \Deleted \Seen \Recent) 35 0.101625 172.17.110.114 172.17.111.3 IMAP Request: xkoh IDLE 36 0.106358 172.17.111.3 172.17.110.114 IMAP Response: + entering idle mode 37 0.106420 172.17.110.114 172.17.111.3 IMAP Request: DONE 38 0.109744 172.17.111.3 172.17.110.114 IMAP Response: xkoh OK IDLE completed 39 0.109806 172.17.110.114 172.17.111.3 IMAP Request: y8fi UID FETCH 3:* (BODY.PEEK[HEADER.FIELDS (References X-Ref X-Priority X-MSMail-Priority X-MSOESRec Newsgroups)] ENVELOPE RFC822.SIZE UID FLAGS INTERNALDATE) 40 0.112852 172.17.111.3 172.17.110.114 IMAP Response: y8fi OK FETCH completed. 41 0.112914 172.17.110.114 172.17.111.3 IMAP Request: q3uw UID FETCH 1:2 (UID FLAGS) 42 0.115574 172.17.111.3 172.17.110.114 IMAP Response: * 1 FETCH (UID 1 FLAGS ()) 43 0.115683 172.17.110.114 172.17.111.3 IMAP Request: ig6z IDLE 45 0.120498 172.17.111.3 172.17.110.114 IMAP Response: + entering idle mode
3 Send 6 21.841764 172.17.111.3 172.17.110.114 • Make conection with server
SMTP
S: 220 ubuntu-server.escomposlinux.org ESMTP Postfix (Ubuntu)
7 21.841917 172.17.110.114
SMTP
C: HELO 1209e08
•
172.17.111.3
Say who I am
8 21.844664 172.17.111.3 172.17.110.114 9 21.844840 172.17.111.3 172.17.110.114 10 21.845209 172.17.110.114 172.17.111.3 11 21.847718 172.17.110.114 172.17.111.3 • Make the email with imap
TCP smtp > netcelera [ACK] Seq=61 Ack=15 Win=5840 Len=0 SMTP S: 250 ubuntu-server.escomposlinux.org SMTP C: MAIL FROM: IMAP Request: DONE
12 21.849076 172.17.111.3 172.17.110.114 SMTP 13 21.849205 172.17.110.114 172.17.111.3 SMTP • 14 21.854113 172.17.111.3 172.17.110.114 • Answer if it is ok
S: 250 2.1.0 Ok C: RCPT TO: IMAP Response: 19jk OK IDLE completed
15 21.854194 172.17.110.114 16 21.855784 172.17.111.3 17 21.855845 172.17.110.114 18 21.857151 172.17.111.3 • Say all it finish
172.17.111.3 172.17.110.114 172.17.111.3 172.17.110.114
IMAP SMTP SMTP IMAP
Request: bnn0 UID STORE 1 +FLAGS.SILENT (\Answered) S: 250 2.1.5 Ok C: DATA Response: bnn0 OK STORE completed.
19 21.857177 172.17.111.3 20 21.857316 172.17.110.114 21 21.857322 172.17.110.114 22 21.857347 172.17.110.114 23 21.858576 172.17.111.3 24 21.858606 172.17.110.114 you there, (text/plain) (text/html) 25 21.859651 172.17.111.3 26 21.879108 172.17.111.3 27 21.879291 172.17.110.114 28 21.883101 172.17.111.3
172.17.110.114 172.17.111.3 172.17.111.3 172.17.111.3 172.17.110.114 172.17.111.3
SMTP S: 354 End data with. SMTP C: DATA fragment, 1460 bytes IMAP Request: 7vkr IDLE SMTP C: DATA fragment, 868 bytes TCP smtp > netcelera [ACK] Seq=163 Ack=2435 Win=11680 Len=0 IMF from: "alex" , subject: Re: hello are
172.17.110.114 172.17.110.114 172.17.111.3 172.17.110.114
IMAP SMTP SMTP SMTP
Response: + entering idle mode S: 250 2.0.0 Ok: queued as 3F3C95F037 C: QUIT S: 221 2.0.0 Bye
Conclusions The commands used by outlook and telnet are different, outlook uses another commands to get the messages
POP Outlook (POP) •
POP3-DELE receives a number (number of the message) as an argument and deletes the specified message, located on a server by it's number.
•
POP3-LIST returns a string with numbers and sizes (in bytes) of all of the messages available on a POP3 server.
•
POP3-QUIT disconnects from the POP3 mail server.
•
POP3-TOP receives two numbers (number of the message and the lines count) as an arguments and returns a string, containing the specified message header and the specified count of the lines of the message body.
•
POP3-RETR receives a number (number of the message) as an argument and returns a string with the entire text (including header) of the specified message.
•
POP3-STAT returns the count of a messages available on a POP3 mail server.
4 Recive 1 0.000000 172.17.110.99 172.17.111.3 2 0.000315 172.17.111.3 172.17.110.99 3 0.000338 172.17.110.99 172.17.111.3 4 0.008008 172.17.111.3 172.17.110.99 – Hello to say if we are conect
TCP TCP TCP POP
savant > pop3 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 pop3 > savant [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1460 savant > pop3 [ACK] Seq=1 Ack=1 Win=65535 Len=0 S: +OK Hello there.
5 0.008159 172.17.110.99 – Put user
172.17.111.3
POP
C: USER grupo4
6 0.011334 172.17.111.3 7 0.011572 172.17.111.3 – Put pass
172.17.110.99 172.17.110.99
TCP POP
pop3 > savant [ACK] Seq=19 Ack=14 Win=5840 Len=0 S: +OK Password required.
8 0.011646 172.17.110.99 9 0.035621 172.17.111.3 – Confirm de login
172.17.111.3 172.17.110.99
POP POP
C: PASS grupo4 S: +OK logged in.
10 0.035853 172.17.110.99 172.17.111.3 – Stat to show if ther is any email
POP
C: STAT
11 0.038730 172.17.111.3 12 0.038987 172.17.110.99 – List all the emails
172.17.110.99 172.17.111.3
POP POP
S: +OK 1 1550 C: LIST
13 0.041518 14 0.042985
172.17.110.99 172.17.111.3
POP POP
S: +OK POP3 clients that break here, they violate STD53. C: RETR 1
172.17.110.99 172.17.111.3 172.17.110.99
POP TCP POP
S: +OK 1550 octets follow. savant > pop3 [ACK] Seq=47 Ack=1161 Win=64375 Len=0 S: DATA fragment, 554 bytes
18 0.220030 172.17.110.99 172.17.111.3 – Now it delete it of the list
POP
C: DELE 1
19 0.220708 20 0.221043 21 0.223664
POP POP POP
S: +OK Deleted. C: QUIT S: +OK Bye-bye.
–
172.17.111.3 172.17.110.99
Give the email with id
15 0.043915 172.17.111.3 16 0.218169 172.17.110.99 17 0.218793 172.17.111.3 – We show it
172.17.111.3 172.17.110.99 172.17.111.3
172.17.110.99 172.17.111.3 172.17.110.99
Send 1 0.000000 2 0.000417 MSS=1460 3 0.000444 4 0.007606 5 0.007770 6 0.012942 7 0.013076 8 0.013151 9 0.033334 10 0.033590 11 0.036457 12 0.036734 13 0.040277
172.17.110.99 172.17.111.3
172.17.111.3 172.17.110.99
TCP TCP
nokia-ann-ch2 > pop3 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 pop3 > nokia-ann-ch2 [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0
172.17.110.99 172.17.111.3 172.17.110.99 172.17.111.3 172.17.111.3 172.17.110.99 172.17.111.3 172.17.110.99 172.17.111.3 172.17.110.99 172.17.111.3
172.17.111.3 172.17.110.99 172.17.111.3 172.17.110.99 172.17.110.99 172.17.111.3 172.17.110.99 172.17.111.3 172.17.110.99 172.17.111.3 172.17.110.99
TCP POP POP TCP POP POP POP POP POP POP POP
nokia-ann-ch2 > pop3 [ACK] Seq=1 Ack=1 Win=65535 Len=0 S: +OK Hello there. C: USER grupo4 pop3 > nokia-ann-ch2 [ACK] Seq=19 Ack=14 Win=5840 Len=0 S: +OK Password required. C: PASS grupo4 S: +OK logged in. C: STAT S: +OK 0 0 C: QUIT S: +OK Bye-bye.
172.17.111.3 172.17.110.114
TCP TCP
owserver > pop3 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 pop3 > owserver [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0
172.17.111.3
TCP
owserver > pop3 [ACK] Seq=1 Ack=1 Win=65535 Len=0
Telnet Recive (POP) 1 0.000000 172.17.110.114 2 0.000423 172.17.111.3 MSS=1460 3 0.000449 172.17.110.114
5 4 0.000900 172.17.110.114 172.17.111.3 POP C: . 5 0.003798 172.17.111.3 172.17.110.114 TCP pop3 > owserver [ACK] Seq=1 Ack=2 Win=5840 Len=0 6 0.009762 172.17.111.3 172.17.110.114 POP S: +OK Hello there. – Conection is make now is going to send one by one packet to make the conection to user and pass 7 0.254414 8 1.500870 9 1.533932 10 2.039572 11 2.040034 12 2.271898 13 2.272370 14 2.389471 15 2.389965 16 2.719630 17 2.720175 18 3.066711 19 3.067241 20 3.222552 21 3.223092 22 3.344178 23 3.344614 24 3.534123 25 3.534657 26 3.689945 27 3.690374 28 4.037005 29 4.037590 30 4.422287 31 4.422935 32 4.422964 –
172.17.110.114 172.17.110.114 172.17.111.3 172.17.110.114 172.17.111.3 172.17.110.114 172.17.111.3 172.17.110.114 172.17.111.3 172.17.110.114 172.17.111.3 172.17.110.114 172.17.111.3 172.17.110.114 172.17.111.3 172.17.110.114 172.17.111.3 172.17.110.114 172.17.111.3 172.17.110.114 172.17.111.3 172.17.110.114 172.17.111.3 172.17.110.114 172.17.111.3 172.17.111.3
TCP owserver > pop3 [ACK] Seq=2 Ack=19 Win=65517 Len=0 POP C: U TCP pop3 > owserver [ACK] Seq=19 Ack=3 Win=5840 Len=0 POP C: S TCP pop3 > owserver [ACK] Seq=19 Ack=4 Win=5840 Len=0 POP C: E TCP pop3 > owserver [ACK] Seq=19 Ack=5 Win=5840 Len=0 POP C: R TCP pop3 > owserver [ACK] Seq=19 Ack=6 Win=5840 Len=0 POP C: TCP pop3 > owserver [ACK] Seq=19 Ack=7 Win=5840 Len=0 POP C: g TCP pop3 > owserver [ACK] Seq=19 Ack=8 Win=5840 Len=0 POP C: r TCP pop3 > owserver [ACK] Seq=19 Ack=9 Win=5840 Len=0 POP C: u TCP pop3 > owserver [ACK] Seq=19 Ack=10 Win=5840 Len=0 POP C: p TCP pop3 > owserver [ACK] Seq=19 Ack=11 Win=5840 Len=0 POP C: o TCP pop3 > owserver [ACK] Seq=19 Ack=12 Win=5840 Len=0 POP C: 4 TCP pop3 > owserver [ACK] Seq=19 Ack=13 Win=5840 Len=0 POP C: TCP pop3 > owserver [ACK] Seq19 Ack=15 Win=5840 Len=0 POP S: -ERR Invalid command.
It give us an error, now is going to repeat all the process
33 4.629146 34 9.423575 35 9.463038 36 9.539200 37 9.539725 38 9.811822 39 9.812225 40 10.006014 41 10.006555 42 12.586255 43 12.586830 44 12.742032 45 12.742430 46 12.906350 47 12.906848 48 13.021576 49 13.022009 50 13.256335 51 13.256908 52 13.450360 53 13.450766 54 13.989180 55 13.989742 56 14.835811 57 14.836689 58 14.836720 –
172.17.111.3 172.17.111.3 172.17.110.114 172.17.111.3 172.17.110.114 172.17.111.3 172.17.110.114 172.17.111.3 172.17.110.114 172.17.111.3 172.17.110.114 172.17.111.3 172.17.110.114 172.17.111.3 172.17.110.114 172.17.111.3 172.17.110.114 172.17.111.3 172.17.110.114 172.17.111.3 172.17.110.114 172.17.111.3 172.17.110.114 172.17.111.3 172.17.110.114 172.17.110.114
172.17.110.114 172.17.110.114 172.17.111.3 172.17.110.114 172.17.111.3 172.17.110.114 172.17.111.3 172.17.110.114 172.17.111.3 172.17.110.114 172.17.111.3 172.17.110.114 172.17.111.3 172.17.110.114 172.17.111.3 172.17.110.114 172.17.111.3 172.17.110.114 172.17.111.3 172.17.110.114 172.17.111.3 172.17.110.114 172.17.111.3 172.17.110.114 172.17.111.3 172.17.111.3
172.17.111.3 172.17.111.3 172.17.110.114 172.17.111.3 172.17.110.114 172.17.111.3 172.17.110.114 172.17.111.3 172.17.110.114 172.17.111.3 172.17.110.114 172.17.111.3 172.17.110.114 172.17.111.3 172.17.110.114 172.17.111.3 172.17.110.114 172.17.111.3 172.17.110.114 172.17.111.3 172.17.110.114 172.17.111.3 172.17.110.114 172.17.111.3 172.17.110.114 172.17.110.114
TCP POP TCP POP TCP POP TCP POP TCP POP TCP POP TCP POP TCP POP TCP POP TCP POP TCP POP TCP POP TCP POP
owserver > pop3 [ACK] Seq=15 Ack=42 Win=65494 Len=0 C: U pop3 > owserver [ACK] Seq=42 Ack=16 Win=5840 Len=0 C: S pop3 > owserver [ACK] Seq=42 Ack=17 Win=5840 Len=0 C: E pop3 > owserver [ACK] Seq=42 Ack=18 Win=5840 Len=0 C: R pop3 > owserver [ACK] Seq=42 Ack=19 Win=5840 Len=0 C: pop3 > owserver [ACK] Seq=42 Ack=20 Win=5840 Len=0 C: g pop3 > owserver [ACK] Seq=42 Ack=21 Win=5840 Len=0 C: r pop3 > owserver [ACK] Seq=42 Ack=22 Win=5840 Len=0 C: u pop3 > owserver [ACK] Seq=42 Ack=23 Win=5840 Len=0 C: p pop3 > owserver [ACK] Seq=42 Ack=24 Win=5840 Len=0 C: o pop3 > owserver [ACK] Seq=42 Ack=25 Win=5840 Len=0 C: 4 pop3 > owserver [ACK] Seq=42 Ack=26 Win=5840 Len=0 C: pop3 > owserver [ACK] Seq=42 Ack=28 Win=5840 Len=0 S: +OK Password required.
172.17.111.3 172.17.111.3 172.17.110.114 172.17.111.3 172.17.110.114 172.17.111.3 172.17.110.114 172.17.111.3 172.17.110.114
TCP POP TCP POP TCP POP TCP POP TCP
owserver > pop3 [ACK] Seq=28 Ack=66 Win=65470 Len=0 C: P pop3 > owserver [ACK] Seq=66 Ack=29 Win=5840 Len=0 C: A pop3 > owserver [ACK] Seq=66 Ack=30 Win=5840 Len=0 C: S pop3 > owserver [ACK] Seq=66 Ack=31 Win=5840 Len=0 C: S pop3 > owserver [ACK] Seq=66 Ack=32 Win=5840 Len=0
The same with pass
59 15.019190 60 17.528044 61 17.562299 62 17.724227 63 17.724760 64 18.109669 65 18.110235 66 18.648370 67 18.648859
172.17.110.114 172.17.110.114 172.17.111.3 172.17.110.114 172.17.111.3 172.17.110.114 172.17.111.3 172.17.110.114 172.17.111.3
6 68 19.150862 172.17.110.114 172.17.111.3 69 19.151343 172.17.111.3 172.17.110.114 70 19.574451 172.17.110.114 172.17.111.3 71 19.574982 172.17.111.3 172.17.110.114 72 19.730264 172.17.110.114 172.17.111.3 73 19.730725 172.17.111.3 172.17.110.114 74 20.000842 172.17.110.114 172.17.111.3 75 20.001343 172.17.111.3 172.17.110.114 76 20.233164 172.17.110.114 172.17.111.3 77 20.233677 172.17.111.3 172.17.110.114 78 20.388950 172.17.110.114 172.17.111.3 79 20.389421 172.17.111.3 172.17.110.114 80 20.736072 172.17.110.114 172.17.111.3 81 20.736588 172.17.111.3 172.17.110.114 82 21.428571 172.17.110.114 172.17.111.3 83 21.429482 172.17.111.3 172.17.110.114 84 21.521606 172.17.111.3 172.17.110.114 – It see if the login is OK – It going to read it packet by packet
POP TCP POP TCP POP TCP POP TCP POP TCP POP TCP POP TCP POP TCP POP
C: pop3 > owserver [ACK] Seq=66 Ack=33 Win=5840 Len=0 C: g pop3 > owserver [ACK] Seq=66 Ack=34 Win=5840 Len=0 C: r pop3 > owserver [ACK] Seq=66 Ack=35 Win=5840 Len=0 C: u pop3 > owserver [ACK] Seq=66 Ack=36 Win=5840 Len=0 C: p pop3 > owserver [ACK] Seq=66 Ack=37 Win=5840 Len=0 C: o pop3 > owserver [ACK] Seq=66 Ack=38 Win=5840 Len=0 C: 4 pop3 > owserver [ACK] Seq=66 Ack=39 Win=5840 Len=0 C: pop3 > owserver [ACK] Seq=66 Ack=41 Win=5840 Len=0 S: +OK logged in.
85 21.690735 172.17.110.114 172.17.111.3 86 24.198362 172.17.110.114 172.17.111.3 87 24.198939 172.17.111.3 172.17.110.114 88 24.354117 172.17.110.114 172.17.111.3 89 24.354612 172.17.111.3 172.17.110.114 90 24.469372 172.17.110.114 172.17.111.3 91 24.469792 172.17.111.3 172.17.110.114 92 24.665828 172.17.110.114 172.17.111.3 93 24.666334 172.17.111.3 172.17.110.114 94 25.358527 172.17.110.114 172.17.111.3 95 25.359188 172.17.111.3 172.17.110.114 96 25.359217 172.17.111.3 172.17.110.114 97 25.627968 172.17.110.114 172.17.111.3 98 26.936242 172.17.110.114 172.17.111.3 99 26.971230 172.17.111.3 172.17.110.114 100 27.359904 172.17.110.114 172.17.111.3 101 27.360440 172.17.111.3 172.17.110.114 102 27.554014 172.17.110.114 172.17.111.3 103 27.554546 172.17.111.3 172.17.110.114 104 28.631489 172.17.110.114 172.17.111.3 105 28.631975 172.17.111.3 172.17.110.114 106 29.016908 172.17.110.114 172.17.111.3 107 29.017459 172.17.111.3 172.17.110.114 108 29.902027 172.17.110.114 172.17.111.3 109 29.902551 172.17.111.3 172.17.110.114 110 30.479195 172.17.110.114 172.17.111.3 111 30.479822 172.17.111.3 172.17.110.114 112 30.480241 172.17.111.3 172.17.110.114 113 30.768313 172.17.110.114 172.17.111.3
TCP POP TCP POP TCP POP TCP POP TCP POP TCP POP TCP POP TCP POP TCP POP TCP POP TCP POP TCP POP TCP POP TCP POP TCP
owserver > pop3 [ACK] Seq=41 Ack=82 Win=65454 Len=0 C: l pop3 > owserver [ACK] Seq=82 Ack=42 Win=5840 Len=0 C: i pop3 > owserver [ACK] Seq=82 Ack=43 Win=5840 Len=0 C: s pop3 > owserver [ACK] Seq=82 Ack=44 Win=5840 Len=0 C: t pop3 > owserver [ACK] Seq=82 Ack=45 Win=5840 Len=0 C: pop3 > owserver [ACK] Seq=82 Ack=47 Win=5840 Len=0 S: +OK POP3 clients that break here, they violate STD53. owserver > pop3 [ACK] Seq=47 Ack=147 Win=65389 Len=0 C: r pop3 > owserver [ACK] Seq=147 Ack=48 Win=5840 Len=0 C: e pop3 > owserver [ACK] Seq=147 Ack=49 Win=5840 Len=0 C: t pop3 > owserver [ACK] Seq=147 Ack=50 Win=5840 Len=0 C: r pop3 > owserver [ACK] Seq=147 Ack=51 Win=5840 Len=0 C: pop3 > owserver [ACK] Seq=147 Ack=52 Win=5840 Len=0 C: 1 pop3 > owserver [ACK] Seq=147 Ack=53 Win=5840 Len=0 C: pop3 > owserver [ACK] Seq=147 Ack=55 Win=5840 Len=0 S: +OK 621 octets follow. owserver > pop3 [ACK] Seq=55 Ack=795 Win=64741 Len=0
Conclusions With telnet it send a character with every fragment
Send (SMTP) EHLO: to start the service MAIL FROM: to specify what is the sender of the email RCPT FROM: to specify what is the receiver of the email DATA: This is the data that has the email QUIT: Quit from service 1 0.000000 2 0.000074
172.17.110.114 172.17.110.114
– Mail from 3 0.000593 172.17.111.3 4 0.002180 172.17.111.3 – Ok all its ok
172.17.111.3 172.17.111.3 172.17.110.114 172.17.110.114
SMTP SMTP
C: MAIL FROM:[email protected] C: MAIL FROM:[email protected]
TCP smtp > drip [ACK] Seq=1 Ack=42 Win=5840 Len=0 SMTP S: 250 2.1.0 Ok
7 5 0.160435 172.17.110.114 172.17.111.3 6 9.694993 172.17.110.114 172.17.111.3 7 9.695063 172.17.110.114 172.17.111.3 – Whom is goint this email
TCP drip > smtp [ACK] Seq=42 Ack=15 Win=65126 Len=0 SMTP C: RCPT TO:[email protected] SMTP C: RCPT TO:[email protected]
8 9.696422 172.17.111.3 9 9.698435 172.17.111.3 – Ok all its ok
TCP smtp > drip [ACK] Seq=15 Ack=81 Win=5840 Len=0 SMTP S: 250 2.1.5 Ok
172.17.110.114 172.17.110.114
10 9.894266 172.17.110.114 172.17.111.3 11 15.003910 172.17.110.114 172.17.111.3 12 15.003971 172.17.110.114 172.17.111.3 – Now is going to appear the data
TCP drip > smtp [ACK] Seq=81 Ack=29 Win=65112 Len=0 SMTP C: DATA SMTP C: DATA
13 15.004616 172.17.111.3 172.17.110.114 TCP smtp > drip [ACK] Seq=29 Ack=87 Win=5840 Len=0 14 15.004646 172.17.111.3 172.17.110.114 SMTP S: 354 End data with. 15 15.143971 172.17.110.114 172.17.111.3 TCP drip > smtp [ACK] Seq=87 Ack=66 Win=65075 Len=0 16 25.051908 172.17.111.3 224.0.0.251 MDNS Standard query PTR 30.110.17.172.in-addr.arpa, "QM" question 17 25.160884 172.17.111.3 224.0.0.251 MDNS Standard query A ubuntu.local, "QM" question 18 25.773443 172.17.110.114 172.17.111.3 SMTP C: Subject:el fin del mundo se acerca, dame dinero si quieres evitarlo – Data is going to send in different packets first the email header 19 25.773504 172.17.110.114 172.17.111.3 20 25.774118 172.17.111.3 172.17.110.114 21 29.195882 172.17.110.114 172.17.111.3 22 29.229854 172.17.111.3 172.17.110.114 – Now the body of the email
SMTP C: DATA fragment, 69 bytes TCP smtp > drip [ACK] Seq=66 Ack=156 Win=5840 Len=0 SMTP C: DATA fragment, 2 bytes TCP smtp > drip [ACK] Seq=66 Ack=158 Win=5840 Len=0
23 40.304067 172.17.110.114 172.17.111.3 SMTP C: holaaaaaaaaaaa HAIZEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAaaa 24 40.304138 172.17.110.114 172.17.111.3 SMTP C: DATA fragment, 54 bytes 25 40.304605 172.17.111.3 172.17.110.114 TCP smtp > drip [ACK] Seq=66 Ack=210 Win=5840 Len=0 26 40.304635 172.17.111.3 172.17.110.114 TCP smtp > drip [ACK] Seq=66 Ack=212 Win=5840 Len=0 27 41.111829 172.17.110.114 172.17.111.3 SMTP C: DATA fragment, 2 bytes 28 41.112244 172.17.111.3 172.17.110.114 TCP smtp > drip [ACK] Seq=66 Ack=214 Win=5840 Len=0 29 44.765169 172.17.110.114 172.17.111.3 SMTP C: . 30 44.765241 172.17.110.114 172.17.111.3 IMF subject: el fin del mundo se acerca, dame dinero si quieres evitarlo\r\n, –
Resume of all to now if its ok
31 44.765980 32 44.766009 33 44.794382 34 45.001681
172.17.111.3 172.17.111.3 172.17.111.3 172.17.110.114
Conclusions Is the same as with outlook
172.17.110.114 172.17.110.114 172.17.110.114 172.17.111.3
TCP smtp > drip [ACK] Seq=66 Ack=215 Win=5840 Len=0 TCP smtp > drip [ACK] Seq=66 Ack=217 Win=5840 Len=0 SMTP S: 250 2.0.0 Ok: queued as 399EA5F037 TCP drip > smtp [ACK] Seq=217 Ack=102 Win=65039 Len=0
Index
IMAP....................................................................................................................................................2 Outlook (IMAP)...............................................................................................................................2 Recive...........................................................................................................................................2 Conclusions..................................................................................................................................4 POP.......................................................................................................................................................4 Outlook (POP)..................................................................................................................................4 Recive...........................................................................................................................................4 Send..............................................................................................................................................5 Telnet....................................................................................................................................................6 Recive (POP)....................................................................................................................................6 Conclusions..................................................................................................................................9 Send (SMTP)....................................................................................................................................9 Conclusions................................................................................................................................11 Conclusions
2
IMAP Outlook (IMAP) Recive Only IMAP message 4 0.008415 172.17.111.3 172.17.110.114 IMAP Response: * OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE ACL ACL2=UNION] CourierIMAP ready. Copyright 1998-2005 Double Precision, Inc. See COPYING for distribution information. 5 0.009777 172.17.110.114 172.17.111.3 IMAP Request: uyo8 CAPABILITY 7 0.010463 172.17.111.3 172.17.110.114 IMAP Response: * CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE ACL ACL2=UNION • The CAPABILITY command requests a listing of capabilities that the server supports 8 0.010540 172.17.110.114 172.17.111.3 IMAP Request: lfus LOGIN "grupo4" "grupo4" • Login command with name and password 9 0.034363 172.17.111.3 172.17.110.114 IMAP Response: lfus OK LOGIN Ok. 10 0.034429 172.17.110.114 172.17.111.3 IMAP Request: sd73 IDLE 11 0.037432 172.17.111.3 172.17.110.114 IMAP Response: + entering idle mode • To maintain the conetion with server 12 0.037488 13 0.040240 14 0.040327 15 0.047830 •
172.17.110.114 172.17.111.3 172.17.110.114 172.17.111.3
172.17.111.3 172.17.110.114 172.17.111.3 172.17.110.114
IMAP IMAP IMAP IMAP
Request: DONE Response: sd73 OK IDLE completed Request: nfyr STATUS "INBOX" (MESSAGES UNSEEN) Response: * STATUS "INBOX" (MESSAGES 2 UNSEEN 1)
We can see the msg that are unread
16 0.047986 172.17.110.114 172.17.111.3 IMAP Request: 6uwx IDLE 18 0.051749 172.17.111.3 172.17.110.114 IMAP Response: + entering idle mode 23 0.062897 172.17.111.3 172.17.110.114 IMAP Response: * OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE ACL ACL2=UNION] CourierIMAP ready. 24 0.064234 172.17.110.114 172.17.111.3 IMAP Request: 3dwp CAPABILITY 26 0.064812 172.17.111.3 172.17.110.114 IMAP Response: * CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE ACL ACL2=UNION 27 0.064886 172.17.110.114 172.17.111.3 IMAP Request: d78u LOGIN "grupo4" "grupo4" 28 0.088681 172.17.111.3 172.17.110.114 IMAP Response: d78u OK LOGIN Ok. 29 0.088763 172.17.110.114 172.17.111.3 IMAP Request: x4t4 IDLE 30 0.091706 172.17.111.3 172.17.110.114 IMAP Response: + entering idle mode 31 0.091763 172.17.110.114 172.17.111.3 IMAP Request: DONE 32 0.094566 172.17.111.3 172.17.110.114 IMAP Response: x4t4 OK IDLE completed 33 0.094625 172.17.110.114 172.17.111.3 IMAP Request: ajvp SELECT "INBOX" • The SELECT command selects a mailbox so that messages in the mailbox can be accessed 34 0.101485 172.17.111.3 172.17.110.114 IMAP Response: * FLAGS (\Draft \Answered \Flagged \Deleted \Seen \Recent) 35 0.101625 172.17.110.114 172.17.111.3 IMAP Request: xkoh IDLE 36 0.106358 172.17.111.3 172.17.110.114 IMAP Response: + entering idle mode 37 0.106420 172.17.110.114 172.17.111.3 IMAP Request: DONE 38 0.109744 172.17.111.3 172.17.110.114 IMAP Response: xkoh OK IDLE completed 39 0.109806 172.17.110.114 172.17.111.3 IMAP Request: y8fi UID FETCH 3:* (BODY.PEEK[HEADER.FIELDS (References X-Ref X-Priority X-MSMail-Priority X-MSOESRec Newsgroups)] ENVELOPE RFC822.SIZE UID FLAGS INTERNALDATE) 40 0.112852 172.17.111.3 172.17.110.114 IMAP Response: y8fi OK FETCH completed. 41 0.112914 172.17.110.114 172.17.111.3 IMAP Request: q3uw UID FETCH 1:2 (UID FLAGS) 42 0.115574 172.17.111.3 172.17.110.114 IMAP Response: * 1 FETCH (UID 1 FLAGS ()) 43 0.115683 172.17.110.114 172.17.111.3 IMAP Request: ig6z IDLE 45 0.120498 172.17.111.3 172.17.110.114 IMAP Response: + entering idle mode
3 Send 6 21.841764 172.17.111.3 172.17.110.114 • Make conection with server
SMTP
S: 220 ubuntu-server.escomposlinux.org ESMTP Postfix (Ubuntu)
7 21.841917 172.17.110.114
SMTP
C: HELO 1209e08
•
172.17.111.3
Say who I am
8 21.844664 172.17.111.3 172.17.110.114 9 21.844840 172.17.111.3 172.17.110.114 10 21.845209 172.17.110.114 172.17.111.3 11 21.847718 172.17.110.114 172.17.111.3 • Make the email with imap
TCP smtp > netcelera [ACK] Seq=61 Ack=15 Win=5840 Len=0 SMTP S: 250 ubuntu-server.escomposlinux.org SMTP C: MAIL FROM:
12 21.849076 172.17.111.3 172.17.110.114 SMTP 13 21.849205 172.17.110.114 172.17.111.3 SMTP • 14 21.854113 172.17.111.3 172.17.110.114 • Answer if it is ok
S: 250 2.1.0 Ok C: RCPT TO:
15 21.854194 172.17.110.114 16 21.855784 172.17.111.3 17 21.855845 172.17.110.114 18 21.857151 172.17.111.3 • Say all it finish
172.17.111.3 172.17.110.114 172.17.111.3 172.17.110.114
IMAP SMTP SMTP IMAP
Request: bnn0 UID STORE 1 +FLAGS.SILENT (\Answered) S: 250 2.1.5 Ok C: DATA Response: bnn0 OK STORE completed.
19 21.857177 172.17.111.3 20 21.857316 172.17.110.114 21 21.857322 172.17.110.114 22 21.857347 172.17.110.114 23 21.858576 172.17.111.3 24 21.858606 172.17.110.114 you there, (text/plain) (text/html) 25 21.859651 172.17.111.3 26 21.879108 172.17.111.3 27 21.879291 172.17.110.114 28 21.883101 172.17.111.3
172.17.110.114 172.17.111.3 172.17.111.3 172.17.111.3 172.17.110.114 172.17.111.3
SMTP S: 354 End data with
172.17.110.114 172.17.110.114 172.17.111.3 172.17.110.114
IMAP SMTP SMTP SMTP
Response: + entering idle mode S: 250 2.0.0 Ok: queued as 3F3C95F037 C: QUIT S: 221 2.0.0 Bye
Conclusions The commands used by outlook and telnet are different, outlook uses another commands to get the messages
POP Outlook (POP) •
POP3-DELE receives a number (number of the message) as an argument and deletes the specified message, located on a server by it's number.
•
POP3-LIST returns a string with numbers and sizes (in bytes) of all of the messages available on a POP3 server.
•
POP3-QUIT disconnects from the POP3 mail server.
•
POP3-TOP receives two numbers (number of the message and the lines count) as an arguments and returns a string, containing the specified message header and the specified count of the lines of the message body.
•
POP3-RETR receives a number (number of the message) as an argument and returns a string with the entire text (including header) of the specified message.
•
POP3-STAT returns the count of a messages available on a POP3 mail server.
4 Recive 1 0.000000 172.17.110.99 172.17.111.3 2 0.000315 172.17.111.3 172.17.110.99 3 0.000338 172.17.110.99 172.17.111.3 4 0.008008 172.17.111.3 172.17.110.99 – Hello to say if we are conect
TCP TCP TCP POP
savant > pop3 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 pop3 > savant [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1460 savant > pop3 [ACK] Seq=1 Ack=1 Win=65535 Len=0 S: +OK Hello there.
5 0.008159 172.17.110.99 – Put user
172.17.111.3
POP
C: USER grupo4
6 0.011334 172.17.111.3 7 0.011572 172.17.111.3 – Put pass
172.17.110.99 172.17.110.99
TCP POP
pop3 > savant [ACK] Seq=19 Ack=14 Win=5840 Len=0 S: +OK Password required.
8 0.011646 172.17.110.99 9 0.035621 172.17.111.3 – Confirm de login
172.17.111.3 172.17.110.99
POP POP
C: PASS grupo4 S: +OK logged in.
10 0.035853 172.17.110.99 172.17.111.3 – Stat to show if ther is any email
POP
C: STAT
11 0.038730 172.17.111.3 12 0.038987 172.17.110.99 – List all the emails
172.17.110.99 172.17.111.3
POP POP
S: +OK 1 1550 C: LIST
13 0.041518 14 0.042985
172.17.110.99 172.17.111.3
POP POP
S: +OK POP3 clients that break here, they violate STD53. C: RETR 1
172.17.110.99 172.17.111.3 172.17.110.99
POP TCP POP
S: +OK 1550 octets follow. savant > pop3 [ACK] Seq=47 Ack=1161 Win=64375 Len=0 S: DATA fragment, 554 bytes
18 0.220030 172.17.110.99 172.17.111.3 – Now it delete it of the list
POP
C: DELE 1
19 0.220708 20 0.221043 21 0.223664
POP POP POP
S: +OK Deleted. C: QUIT S: +OK Bye-bye.
–
172.17.111.3 172.17.110.99
Give the email with id
15 0.043915 172.17.111.3 16 0.218169 172.17.110.99 17 0.218793 172.17.111.3 – We show it
172.17.111.3 172.17.110.99 172.17.111.3
172.17.110.99 172.17.111.3 172.17.110.99
Send 1 0.000000 2 0.000417 MSS=1460 3 0.000444 4 0.007606 5 0.007770 6 0.012942 7 0.013076 8 0.013151 9 0.033334 10 0.033590 11 0.036457 12 0.036734 13 0.040277
172.17.110.99 172.17.111.3
172.17.111.3 172.17.110.99
TCP TCP
nokia-ann-ch2 > pop3 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 pop3 > nokia-ann-ch2 [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0
172.17.110.99 172.17.111.3 172.17.110.99 172.17.111.3 172.17.111.3 172.17.110.99 172.17.111.3 172.17.110.99 172.17.111.3 172.17.110.99 172.17.111.3
172.17.111.3 172.17.110.99 172.17.111.3 172.17.110.99 172.17.110.99 172.17.111.3 172.17.110.99 172.17.111.3 172.17.110.99 172.17.111.3 172.17.110.99
TCP POP POP TCP POP POP POP POP POP POP POP
nokia-ann-ch2 > pop3 [ACK] Seq=1 Ack=1 Win=65535 Len=0 S: +OK Hello there. C: USER grupo4 pop3 > nokia-ann-ch2 [ACK] Seq=19 Ack=14 Win=5840 Len=0 S: +OK Password required. C: PASS grupo4 S: +OK logged in. C: STAT S: +OK 0 0 C: QUIT S: +OK Bye-bye.
172.17.111.3 172.17.110.114
TCP TCP
owserver > pop3 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 pop3 > owserver [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0
172.17.111.3
TCP
owserver > pop3 [ACK] Seq=1 Ack=1 Win=65535 Len=0
Telnet Recive (POP) 1 0.000000 172.17.110.114 2 0.000423 172.17.111.3 MSS=1460 3 0.000449 172.17.110.114
5 4 0.000900 172.17.110.114 172.17.111.3 POP C: . 5 0.003798 172.17.111.3 172.17.110.114 TCP pop3 > owserver [ACK] Seq=1 Ack=2 Win=5840 Len=0 6 0.009762 172.17.111.3 172.17.110.114 POP S: +OK Hello there. – Conection is make now is going to send one by one packet to make the conection to user and pass 7 0.254414 8 1.500870 9 1.533932 10 2.039572 11 2.040034 12 2.271898 13 2.272370 14 2.389471 15 2.389965 16 2.719630 17 2.720175 18 3.066711 19 3.067241 20 3.222552 21 3.223092 22 3.344178 23 3.344614 24 3.534123 25 3.534657 26 3.689945 27 3.690374 28 4.037005 29 4.037590 30 4.422287 31 4.422935 32 4.422964 –
172.17.110.114 172.17.110.114 172.17.111.3 172.17.110.114 172.17.111.3 172.17.110.114 172.17.111.3 172.17.110.114 172.17.111.3 172.17.110.114 172.17.111.3 172.17.110.114 172.17.111.3 172.17.110.114 172.17.111.3 172.17.110.114 172.17.111.3 172.17.110.114 172.17.111.3 172.17.110.114 172.17.111.3 172.17.110.114 172.17.111.3 172.17.110.114 172.17.111.3 172.17.111.3
TCP owserver > pop3 [ACK] Seq=2 Ack=19 Win=65517 Len=0 POP C: U TCP pop3 > owserver [ACK] Seq=19 Ack=3 Win=5840 Len=0 POP C: S TCP pop3 > owserver [ACK] Seq=19 Ack=4 Win=5840 Len=0 POP C: E TCP pop3 > owserver [ACK] Seq=19 Ack=5 Win=5840 Len=0 POP C: R TCP pop3 > owserver [ACK] Seq=19 Ack=6 Win=5840 Len=0 POP C: TCP pop3 > owserver [ACK] Seq=19 Ack=7 Win=5840 Len=0 POP C: g TCP pop3 > owserver [ACK] Seq=19 Ack=8 Win=5840 Len=0 POP C: r TCP pop3 > owserver [ACK] Seq=19 Ack=9 Win=5840 Len=0 POP C: u TCP pop3 > owserver [ACK] Seq=19 Ack=10 Win=5840 Len=0 POP C: p TCP pop3 > owserver [ACK] Seq=19 Ack=11 Win=5840 Len=0 POP C: o TCP pop3 > owserver [ACK] Seq=19 Ack=12 Win=5840 Len=0 POP C: 4 TCP pop3 > owserver [ACK] Seq=19 Ack=13 Win=5840 Len=0 POP C: TCP pop3 > owserver [ACK] Seq19 Ack=15 Win=5840 Len=0 POP S: -ERR Invalid command.
It give us an error, now is going to repeat all the process
33 4.629146 34 9.423575 35 9.463038 36 9.539200 37 9.539725 38 9.811822 39 9.812225 40 10.006014 41 10.006555 42 12.586255 43 12.586830 44 12.742032 45 12.742430 46 12.906350 47 12.906848 48 13.021576 49 13.022009 50 13.256335 51 13.256908 52 13.450360 53 13.450766 54 13.989180 55 13.989742 56 14.835811 57 14.836689 58 14.836720 –
172.17.111.3 172.17.111.3 172.17.110.114 172.17.111.3 172.17.110.114 172.17.111.3 172.17.110.114 172.17.111.3 172.17.110.114 172.17.111.3 172.17.110.114 172.17.111.3 172.17.110.114 172.17.111.3 172.17.110.114 172.17.111.3 172.17.110.114 172.17.111.3 172.17.110.114 172.17.111.3 172.17.110.114 172.17.111.3 172.17.110.114 172.17.111.3 172.17.110.114 172.17.110.114
172.17.110.114 172.17.110.114 172.17.111.3 172.17.110.114 172.17.111.3 172.17.110.114 172.17.111.3 172.17.110.114 172.17.111.3 172.17.110.114 172.17.111.3 172.17.110.114 172.17.111.3 172.17.110.114 172.17.111.3 172.17.110.114 172.17.111.3 172.17.110.114 172.17.111.3 172.17.110.114 172.17.111.3 172.17.110.114 172.17.111.3 172.17.110.114 172.17.111.3 172.17.111.3
172.17.111.3 172.17.111.3 172.17.110.114 172.17.111.3 172.17.110.114 172.17.111.3 172.17.110.114 172.17.111.3 172.17.110.114 172.17.111.3 172.17.110.114 172.17.111.3 172.17.110.114 172.17.111.3 172.17.110.114 172.17.111.3 172.17.110.114 172.17.111.3 172.17.110.114 172.17.111.3 172.17.110.114 172.17.111.3 172.17.110.114 172.17.111.3 172.17.110.114 172.17.110.114
TCP POP TCP POP TCP POP TCP POP TCP POP TCP POP TCP POP TCP POP TCP POP TCP POP TCP POP TCP POP TCP POP
owserver > pop3 [ACK] Seq=15 Ack=42 Win=65494 Len=0 C: U pop3 > owserver [ACK] Seq=42 Ack=16 Win=5840 Len=0 C: S pop3 > owserver [ACK] Seq=42 Ack=17 Win=5840 Len=0 C: E pop3 > owserver [ACK] Seq=42 Ack=18 Win=5840 Len=0 C: R pop3 > owserver [ACK] Seq=42 Ack=19 Win=5840 Len=0 C: pop3 > owserver [ACK] Seq=42 Ack=20 Win=5840 Len=0 C: g pop3 > owserver [ACK] Seq=42 Ack=21 Win=5840 Len=0 C: r pop3 > owserver [ACK] Seq=42 Ack=22 Win=5840 Len=0 C: u pop3 > owserver [ACK] Seq=42 Ack=23 Win=5840 Len=0 C: p pop3 > owserver [ACK] Seq=42 Ack=24 Win=5840 Len=0 C: o pop3 > owserver [ACK] Seq=42 Ack=25 Win=5840 Len=0 C: 4 pop3 > owserver [ACK] Seq=42 Ack=26 Win=5840 Len=0 C: pop3 > owserver [ACK] Seq=42 Ack=28 Win=5840 Len=0 S: +OK Password required.
172.17.111.3 172.17.111.3 172.17.110.114 172.17.111.3 172.17.110.114 172.17.111.3 172.17.110.114 172.17.111.3 172.17.110.114
TCP POP TCP POP TCP POP TCP POP TCP
owserver > pop3 [ACK] Seq=28 Ack=66 Win=65470 Len=0 C: P pop3 > owserver [ACK] Seq=66 Ack=29 Win=5840 Len=0 C: A pop3 > owserver [ACK] Seq=66 Ack=30 Win=5840 Len=0 C: S pop3 > owserver [ACK] Seq=66 Ack=31 Win=5840 Len=0 C: S pop3 > owserver [ACK] Seq=66 Ack=32 Win=5840 Len=0
The same with pass
59 15.019190 60 17.528044 61 17.562299 62 17.724227 63 17.724760 64 18.109669 65 18.110235 66 18.648370 67 18.648859
172.17.110.114 172.17.110.114 172.17.111.3 172.17.110.114 172.17.111.3 172.17.110.114 172.17.111.3 172.17.110.114 172.17.111.3
6 68 19.150862 172.17.110.114 172.17.111.3 69 19.151343 172.17.111.3 172.17.110.114 70 19.574451 172.17.110.114 172.17.111.3 71 19.574982 172.17.111.3 172.17.110.114 72 19.730264 172.17.110.114 172.17.111.3 73 19.730725 172.17.111.3 172.17.110.114 74 20.000842 172.17.110.114 172.17.111.3 75 20.001343 172.17.111.3 172.17.110.114 76 20.233164 172.17.110.114 172.17.111.3 77 20.233677 172.17.111.3 172.17.110.114 78 20.388950 172.17.110.114 172.17.111.3 79 20.389421 172.17.111.3 172.17.110.114 80 20.736072 172.17.110.114 172.17.111.3 81 20.736588 172.17.111.3 172.17.110.114 82 21.428571 172.17.110.114 172.17.111.3 83 21.429482 172.17.111.3 172.17.110.114 84 21.521606 172.17.111.3 172.17.110.114 – It see if the login is OK – It going to read it packet by packet
POP TCP POP TCP POP TCP POP TCP POP TCP POP TCP POP TCP POP TCP POP
C: pop3 > owserver [ACK] Seq=66 Ack=33 Win=5840 Len=0 C: g pop3 > owserver [ACK] Seq=66 Ack=34 Win=5840 Len=0 C: r pop3 > owserver [ACK] Seq=66 Ack=35 Win=5840 Len=0 C: u pop3 > owserver [ACK] Seq=66 Ack=36 Win=5840 Len=0 C: p pop3 > owserver [ACK] Seq=66 Ack=37 Win=5840 Len=0 C: o pop3 > owserver [ACK] Seq=66 Ack=38 Win=5840 Len=0 C: 4 pop3 > owserver [ACK] Seq=66 Ack=39 Win=5840 Len=0 C: pop3 > owserver [ACK] Seq=66 Ack=41 Win=5840 Len=0 S: +OK logged in.
85 21.690735 172.17.110.114 172.17.111.3 86 24.198362 172.17.110.114 172.17.111.3 87 24.198939 172.17.111.3 172.17.110.114 88 24.354117 172.17.110.114 172.17.111.3 89 24.354612 172.17.111.3 172.17.110.114 90 24.469372 172.17.110.114 172.17.111.3 91 24.469792 172.17.111.3 172.17.110.114 92 24.665828 172.17.110.114 172.17.111.3 93 24.666334 172.17.111.3 172.17.110.114 94 25.358527 172.17.110.114 172.17.111.3 95 25.359188 172.17.111.3 172.17.110.114 96 25.359217 172.17.111.3 172.17.110.114 97 25.627968 172.17.110.114 172.17.111.3 98 26.936242 172.17.110.114 172.17.111.3 99 26.971230 172.17.111.3 172.17.110.114 100 27.359904 172.17.110.114 172.17.111.3 101 27.360440 172.17.111.3 172.17.110.114 102 27.554014 172.17.110.114 172.17.111.3 103 27.554546 172.17.111.3 172.17.110.114 104 28.631489 172.17.110.114 172.17.111.3 105 28.631975 172.17.111.3 172.17.110.114 106 29.016908 172.17.110.114 172.17.111.3 107 29.017459 172.17.111.3 172.17.110.114 108 29.902027 172.17.110.114 172.17.111.3 109 29.902551 172.17.111.3 172.17.110.114 110 30.479195 172.17.110.114 172.17.111.3 111 30.479822 172.17.111.3 172.17.110.114 112 30.480241 172.17.111.3 172.17.110.114 113 30.768313 172.17.110.114 172.17.111.3
TCP POP TCP POP TCP POP TCP POP TCP POP TCP POP TCP POP TCP POP TCP POP TCP POP TCP POP TCP POP TCP POP TCP POP TCP
owserver > pop3 [ACK] Seq=41 Ack=82 Win=65454 Len=0 C: l pop3 > owserver [ACK] Seq=82 Ack=42 Win=5840 Len=0 C: i pop3 > owserver [ACK] Seq=82 Ack=43 Win=5840 Len=0 C: s pop3 > owserver [ACK] Seq=82 Ack=44 Win=5840 Len=0 C: t pop3 > owserver [ACK] Seq=82 Ack=45 Win=5840 Len=0 C: pop3 > owserver [ACK] Seq=82 Ack=47 Win=5840 Len=0 S: +OK POP3 clients that break here, they violate STD53. owserver > pop3 [ACK] Seq=47 Ack=147 Win=65389 Len=0 C: r pop3 > owserver [ACK] Seq=147 Ack=48 Win=5840 Len=0 C: e pop3 > owserver [ACK] Seq=147 Ack=49 Win=5840 Len=0 C: t pop3 > owserver [ACK] Seq=147 Ack=50 Win=5840 Len=0 C: r pop3 > owserver [ACK] Seq=147 Ack=51 Win=5840 Len=0 C: pop3 > owserver [ACK] Seq=147 Ack=52 Win=5840 Len=0 C: 1 pop3 > owserver [ACK] Seq=147 Ack=53 Win=5840 Len=0 C: pop3 > owserver [ACK] Seq=147 Ack=55 Win=5840 Len=0 S: +OK 621 octets follow. owserver > pop3 [ACK] Seq=55 Ack=795 Win=64741 Len=0
Conclusions With telnet it send a character with every fragment
Send (SMTP) EHLO: to start the service MAIL FROM: to specify what is the sender of the email RCPT FROM: to specify what is the receiver of the email DATA: This is the data that has the email QUIT: Quit from service 1 0.000000 2 0.000074
172.17.110.114 172.17.110.114
– Mail from 3 0.000593 172.17.111.3 4 0.002180 172.17.111.3 – Ok all its ok
172.17.111.3 172.17.111.3 172.17.110.114 172.17.110.114
SMTP SMTP
C: MAIL FROM:[email protected] C: MAIL FROM:[email protected]
TCP smtp > drip [ACK] Seq=1 Ack=42 Win=5840 Len=0 SMTP S: 250 2.1.0 Ok
7 5 0.160435 172.17.110.114 172.17.111.3 6 9.694993 172.17.110.114 172.17.111.3 7 9.695063 172.17.110.114 172.17.111.3 – Whom is goint this email
TCP drip > smtp [ACK] Seq=42 Ack=15 Win=65126 Len=0 SMTP C: RCPT TO:[email protected] SMTP C: RCPT TO:[email protected]
8 9.696422 172.17.111.3 9 9.698435 172.17.111.3 – Ok all its ok
TCP smtp > drip [ACK] Seq=15 Ack=81 Win=5840 Len=0 SMTP S: 250 2.1.5 Ok
172.17.110.114 172.17.110.114
10 9.894266 172.17.110.114 172.17.111.3 11 15.003910 172.17.110.114 172.17.111.3 12 15.003971 172.17.110.114 172.17.111.3 – Now is going to appear the data
TCP drip > smtp [ACK] Seq=81 Ack=29 Win=65112 Len=0 SMTP C: DATA SMTP C: DATA
13 15.004616 172.17.111.3 172.17.110.114 TCP smtp > drip [ACK] Seq=29 Ack=87 Win=5840 Len=0 14 15.004646 172.17.111.3 172.17.110.114 SMTP S: 354 End data with
SMTP C: DATA fragment, 69 bytes TCP smtp > drip [ACK] Seq=66 Ack=156 Win=5840 Len=0 SMTP C: DATA fragment, 2 bytes TCP smtp > drip [ACK] Seq=66 Ack=158 Win=5840 Len=0
23 40.304067 172.17.110.114 172.17.111.3 SMTP C: holaaaaaaaaaaa HAIZEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAaaa 24 40.304138 172.17.110.114 172.17.111.3 SMTP C: DATA fragment, 54 bytes 25 40.304605 172.17.111.3 172.17.110.114 TCP smtp > drip [ACK] Seq=66 Ack=210 Win=5840 Len=0 26 40.304635 172.17.111.3 172.17.110.114 TCP smtp > drip [ACK] Seq=66 Ack=212 Win=5840 Len=0 27 41.111829 172.17.110.114 172.17.111.3 SMTP C: DATA fragment, 2 bytes 28 41.112244 172.17.111.3 172.17.110.114 TCP smtp > drip [ACK] Seq=66 Ack=214 Win=5840 Len=0 29 44.765169 172.17.110.114 172.17.111.3 SMTP C: . 30 44.765241 172.17.110.114 172.17.111.3 IMF subject: el fin del mundo se acerca, dame dinero si quieres evitarlo\r\n, –
Resume of all to now if its ok
31 44.765980 32 44.766009 33 44.794382 34 45.001681
172.17.111.3 172.17.111.3 172.17.111.3 172.17.110.114
Conclusions Is the same as with outlook
172.17.110.114 172.17.110.114 172.17.110.114 172.17.111.3
TCP smtp > drip [ACK] Seq=66 Ack=215 Win=5840 Len=0 TCP smtp > drip [ACK] Seq=66 Ack=217 Win=5840 Len=0 SMTP S: 250 2.0.0 Ok: queued as 399EA5F037 TCP drip > smtp [ACK] Seq=217 Ack=102 Win=65039 Len=0
