CAUTION
"This tutorial should be used for educational purposes only. I won't be responsible if you misuse these techniques and get yourself in trouble. The pcap file used in this example is from a CTF challenge."
Protocol - Simple Mail Transfer Protocol - Used for sending emails
Connection Type - TCP
Commonly Used Commands: HELO, MAIL, RCPT
The challenge scenario is something like this:
Find the sender's email address and the recipient's email address of the SMTP transfer in the pcap file.
So to solve this challenge I will use Wireshark. First I load the pcap file in Wireshark.
Now my objective is to find the sender's and receiver's email addresses. So in the filter bar I will write "smtp" so that it displays only the packets matching the SMTP protocol.
In SMTP we need to authenticate before we can send any mail. After applying the filter we can see the details of the SMTP session. We can find the info by looking at the output, or we can get the details by following the TCP stream at "Authentication Successful". So I will right-click on that packet and select "Follow TCP Stream".
By analyzing the packet we can find the sender's and receiver's email IDs.
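What to read in the followed stream, as an added example that is not part of the original tutorial: the sender and recipients are carried in the `MAIL FROM` and `RCPT TO` commands, and the sketch below pulls them out of the stream text while ignoring anything inside the `DATA` section, where header or body lines can contain different addresses. The transcript, the addresses and the function name `extract_envelope` are constructed for illustration.

```python
import re

# Constructed transcript shaped like a "Follow TCP Stream" view; not the challenge capture.
SAMPLE_STREAM = """\
220 mail.example.test ESMTP
EHLO client.example.test
250 AUTH LOGIN
AUTH LOGIN
334 VXNlcm5hbWU6
Y29uc3RydWN0ZWQ=
334 UGFzc3dvcmQ6
Y29uc3RydWN0ZWQ=
235 Authentication successful
MAIL FROM:<alice@example.test> SIZE=512
250 OK
rcpt to: <bob@example.test>
250 OK
RCPT TO:<carol@example.test>
250 OK
DATA
354 End data with <CR><LF>.<CR><LF>
From: "Someone Else" <other@example.test>

MAIL FROM:<decoy@example.test>
.
"""

# Envelope commands: case-insensitive verb, optional space, <path>, then optional ESMTP params.
ENVELOPE = re.compile(r"^(MAIL FROM|RCPT TO):\s*<([^>]*)>", re.IGNORECASE)

def extract_envelope(stream):
    """Return (sender, [recipients]) from the SMTP envelope, skipping the message body."""
    sender, recipients, in_body = None, [], False
    for line in stream.splitlines():
        if in_body:
            in_body = line != "."      # a lone dot ends the DATA section
            continue
        if line.strip().upper() == "DATA":
            in_body = True             # header/body lines that follow are not commands
            continue
        m = ENVELOPE.match(line)
        if m and m.group(1).upper() == "MAIL FROM":
            sender = m.group(2)
        elif m:
            recipients.append(m.group(2))
    return sender, recipients

if __name__ == "__main__":
    print(extract_envelope(SAMPLE_STREAM))
```

The `From:` header and the decoy line inside the message body are skipped, so the result reflects only what the client told the server in the envelope.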