[Wireshark]_003_ e-mail capture packet analysis

Source: Internet
Author: User

E-mail is a service we often use in life and work to contact friends and customers all over the world. Below we use Wireshark to capture e-mail packets.

Preparatory work:

A mail client (Outlook, Foxmail, KooMail, ...)

Two e-mail test accounts

Knowledge of the mail-related protocols (SMTP, POP, IMAP)

1. Mail client settings

[1]. Open Foxmail and set up the account.

[2]. After setup succeeds, write a message but do not send it yet.

2. Wireshark pre-capture option settings (Main Menu -> Capture -> Options)

[1]. Set a capture filter to reduce noise from unrelated traffic.

3. Capturing e-Mail packets

[1]. After the options are set, click Start to begin capturing packets.

[2]. Send the previously written message in Foxmail.

[3]. After the message is sent, click Stop in Wireshark to stop the capture.

4. Analyzing e-Mail packets

[1]. Filter on SMTP for easier viewing.

[2]. Analyzing the SMTP workflow

    • Frame 11: Foxmail sends the EHLO command to the server to identify itself; we can see the Foxmail client's hostname: XXXXENG1C83.
    • Frames 17 and 20: we can see the user and pass used to send the message. They are Base64-encoded (a reversible encoding, not encryption) because SMTP does not accept them as plain text.
    • Frames 23 and 26: we can see the sender and the recipient of the message, both in clear text.
    • Frames 32 and 34 show the size of the data sent by the Foxmail client.
    • Frame 36 carries the message's account and subject information.
    • Frame 39 disconnects from the server.

[3]. View the contents of an e-mail message

[1]. Select any frame of the exchange you want to inspect, right-click it and choose Follow TCP Stream to view the content.
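Added example (not part of the original article): a Python audit of the text that Follow TCP Stream shows for one SMTP session, listing the fields the workflow above found readable and decoding the Base64 answers. It assumes the AUTH LOGIN mechanism; the sample stream, host names, addresses and credentials are constructed, and `audit_smtp_stream` is a hypothetical helper name.

```python
import base64
import re

def _b64(s):
    return base64.b64encode(s.encode()).decode()

# Constructed sample of the text "Follow TCP Stream" shows for one SMTP
# session; host names, addresses and credentials are made up.
SAMPLE_STREAM = "\r\n".join([
    "220 mail.example.test ESMTP", "EHLO CLIENT-PC",
    "250-mail.example.test", "250 AUTH LOGIN PLAIN",
    "AUTH LOGIN", "334 " + _b64("Username:"), _b64("alice@example.test"),
    "334 " + _b64("Password:"), _b64("s3cr3t-pass"),
    "235 Authentication successful",
    "MAIL FROM:<alice@example.test>", "250 OK",
    "RCPT TO:<bob@example.test>", "250 OK", "QUIT", "221 Bye",
])

def _decode(token):
    try:
        return base64.b64decode(token, validate=True).decode("utf-8", "replace")
    except ValueError:          # not Base64, e.g. "*" cancels the exchange
        return None

def audit_smtp_stream(text):
    """List what a passive observer can read from a cleartext SMTP session."""
    seen = {"helo": None, "user": None, "password": None,
            "envelope": [], "starttls": False}
    pending = []                # AUTH LOGIN answers the client still owes
    for line in filter(None, map(str.strip, text.splitlines())):
        if re.match(r"\d{3}([ -]|$)", line):      # server reply
            if not line.startswith("334"):        # anything but a prompt
                pending.clear()                   # ends the AUTH exchange
            continue
        verb = line.upper()
        if pending:             # client's answer to a 334 prompt
            seen[pending.pop(0)] = _decode(line)
        elif verb.startswith(("EHLO ", "HELO ")):
            seen["helo"] = line[5:].strip()
        elif verb == "STARTTLS":                  # session upgrades to TLS
            seen["starttls"] = True
        elif verb.startswith("AUTH LOGIN"):
            pending = ["user", "password"]
            if line[10:].strip():   # username sent as initial response
                seen[pending.pop(0)] = _decode(line[10:].strip())
        elif m := re.match(r"(MAIL FROM|RCPT TO):\s*<([^>]*)>", line, re.I):
            seen["envelope"].append((m.group(1).upper(), m.group(2)))
    seen["credentials_exposed"] = seen["password"] is not None
    return seen
```

A session that issues STARTTLS before AUTH shows only TLS records after that point, so `credentials_exposed` stays false for it.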


After this Wireshark capture, the e-mail's content is almost laid bare. The next chapter covers capturing FTP packets.

This article is original work by the Baby bus SD team; any reproduction must clearly credit the source (the author's official website: Baby bus).

Reprinted from "Baby bus Superdo Team" original link: http://www.cnblogs.com/superdo/p/4712787.html
