Wireshark is a free and open source packet analyzer used for network troubleshooting and analysis. These activities will show you how to use Wireshark to capture and analyze Simple Mail Transfer Protocol (SMTP) traffic.

Reference: Wikipedia: Simple Mail Transfer Protocol

Activity 1 - Capture SMTP Traffic

1. Type telnet gmail-smtp-in.l. 25 and press Enter. If this does not work, your ISP may be blocking outbound traffic on port 25. You can try telnet 587 instead to generate SMTP traffic and then filter on port 587 in the next activity.
2. Note that at this point you could enter mail, rcpt and data to send an SMTP message, but this only works on servers configured to allow clear text relay without authentication.
3. Type quit and press Enter to close the connection.

Activity 2 - Select Destination Traffic

1. To view only SMTP traffic, type smtp (lower case) in the Filter box and press Enter.
2. Select the first SMTP packet labeled 220.
3. To view all related traffic for this connection, change the filter to ip.addr = followed by the destination address of the SMTP packet.

Activity 3 - Analyze TCP Connection Traffic

1. The first three packets (TCP SYN, TCP SYN/ACK, TCP ACK) are the TCP three-way handshake. Notice that each is an Ethernet II / Internet Protocol Version 4 / Transmission Control Protocol frame.
2. Expand Ethernet II to view Ethernet details. Observe the Destination and Source fields. The destination should be your default gateway's MAC address and the source should be your MAC address. You can use ipconfig /all and arp -a to confirm.
3. Expand Internet Protocol Version 4 to view IP details. Notice that the source address is your IP address and the destination address is the IP address of the SMTP server.
4. Expand Transmission Control Protocol to view TCP details. Notice that the source port is a dynamic port selected for this SMTP connection. Note that all of the packets for this connection will have matching MAC addresses, IP addresses, and port numbers.

Activity 4 - Analyze SMTP Service Ready Traffic

1. Observe the traffic captured in the top Wireshark packet list pane. Select the fourth packet, which is the first SMTP packet and is labeled 220.
2. Observe the packet details in the middle Wireshark packet details pane. Notice that it is an Ethernet II / Internet Protocol Version 4 / Transmission Control Protocol / Simple Mail Transfer Protocol frame. Also notice that the Ethernet II, Internet Protocol Version 4, and Transmission Control Protocol values are consistent with the TCP connection analyzed in Activity 3.
3. Expand Simple Mail Transfer Protocol and Response to view SMTP details. Observe the Response code and Response parameter.
4. Select the fifth packet, labeled TCP ACK. This is the client's TCP acknowledgement of receiving the Service Ready message.

Activity 5 - Analyze SMTP HELO Traffic

1. Select the following TCP segments and acknowledgements.
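Added example, not part of the original activities: a small Python decoder that labels each line of a constructed SMTP dialogue the way Wireshark's SMTP dissector does (Response code / Response parameter for server replies, Command / Request parameter for client commands) and then checks for the 220 Service Ready banner, the HELO host, the 221 close, and whether a MAIL command was accepted without a preceding AUTH or STARTTLS, which is the clear text relay case noted in Activity 1. The session lines, host names and reply strings below are constructed placeholders, not a real capture.

```python
import re
from typing import Dict, List

# Constructed sample dialogue in capture order ("S:" server reply, "C:" client
# command). Host names and reply text are placeholders, not a real capture.
SAMPLE_SESSION = [
    "S: 220 mx.example.test ESMTP Service ready",
    "C: HELO client.example.test",
    "S: 250 mx.example.test Hello",
    "C: MAIL FROM:<alice@example.test>",
    "S: 530 5.7.0 Must issue a STARTTLS command first",
    "C: QUIT",
    "S: 221 2.0.0 Service closing transmission channel",
]

RESPONSE_RE = re.compile(r"^(\d{3})[ -]?(.*)$")   # 3-digit code, then text
COMMAND_RE = re.compile(r"^([A-Za-z]+)\s*(.*)$")  # verb, then parameter


def decode_line(line: str) -> Dict[str, str]:
    """Split one line into the fields Wireshark shows under Response or Command."""
    side, _, payload = line.partition(": ")
    if side == "S":
        m = RESPONSE_RE.match(payload)
        if not m:
            raise ValueError(f"malformed reply: {payload!r}")
        return {"direction": "response", "code": m.group(1), "parameter": m.group(2)}
    m = COMMAND_RE.match(payload)
    if side != "C" or not m:
        raise ValueError(f"malformed command: {line!r}")
    return {"direction": "request", "command": m.group(1).upper(), "parameter": m.group(2)}


def summarize(session: List[str]) -> Dict[str, object]:
    """Report the 220 banner, HELO host, 221 close, and whether MAIL was
    accepted (2xx reply) with no AUTH or STARTTLS before it."""
    decoded = [decode_line(line) for line in session]
    protected = False          # set once AUTH or STARTTLS has been sent
    summary: Dict[str, object] = {"service_ready": False, "helo_host": None,
                                  "closed": False, "cleartext_relay_accepted": False}
    for i, d in enumerate(decoded):
        if d["direction"] == "response":
            if i == 0 and d["code"] == "220":
                summary["service_ready"] = True
            if d["code"] == "221":
                summary["closed"] = True
            continue
        if d["command"] == "HELO":
            summary["helo_host"] = d["parameter"]
        elif d["command"] in ("AUTH", "STARTTLS"):
            protected = True
        elif d["command"] == "MAIL" and not protected and i + 1 < len(decoded):
            nxt = decoded[i + 1]  # the server's reply to MAIL
            if nxt["direction"] == "response" and nxt["code"].startswith("2"):
                summary["cleartext_relay_accepted"] = True
    return summary
```

A 530 reply to MAIL, as in the sample, is the server refusing clear text relay; a 250 there would flag the session as an unauthenticated clear text relay.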