Wednesday, 24 September 2014

Packet Analysis 2 : SMTP Details

CAUTION

    "This tutorial should be used for educational purpose only. I won't be responsible if you misuse this techniques and get yourself in trouble.The pcap file used in this example is from a CTF challenge "


Protocol - Simple Mail Transfer Protocol - Used for sending emails
Connection Type - TCP
Commonly Used Commands : HELO , MAIL , RCPT , 

So the challenge scenario is something like this . 

Find the senders email address and the recipients email address of the SMTP transfer out of the pcap file .

So to solve this challenge I will use Wireshark. First I load the pcap file in Wireshark.



Now my objective is to find out the senders and receivers emails. So in the filter bar I will write "smtp" so that it displays the packets matching the SMTP protocol only.





In SMTP we need to authenticate before we can send any mail . After applying the filter we can see the details of the SMTP . We can find the info by looking at the output or we can also get the details by following the TCP stream at "Authentication Successful" . So I will right click on that and select "Follow TCP Stream".





By analyzing the packet we can find the senders and receivers email id