22 June 2011

[Securityoverride.com] Forensics Level 2





The following is a Wireshark trace file of an SMTP transfer: forensics2.rar.
Find the sender's email address and the recipient's email address of the SMTP transfer and enter them below to receive credit.
Sender:
Recipient:

The server IP is 192.168.0.1 and client IP is 192.168.0.3
Wireshark is a network protocol analyzer for Unix and Windows and can be downloaded here.






Problem:


SMTP is a core Internet protocol used to transfer e-mail messages between servers (first defined in RFC 821 in 1982). This contrasts with protocols such as POP3 and IMAP, which are used by messaging clients to retrieve e-mail.

SMTP servers look at the destination address of a message and contact the target mail server directly. Of course, this means the Domain Name Service (DNS) has to be configured correctly; otherwise mail could be handed to the wrong server. That is potentially a big problem because, unless you have encrypted your messages, your e-mail will be in plain text!

SMTP was designed to be a reliable message delivery system. Reliable in this case means that a message handled by SMTP is intended to get to its destination or generate an error message accordingly. This is not the same as a guaranteed delivery service; it just does its best. Guaranteeing delivery would require all sorts of data exchanges that add considerable communications overhead, which would be pointless for everyday purposes.

SMTP communications are transported by TCP to ensure reliable end-to-end transport. RFC 822 defines the format of SMTP messages.

RFC 822 is a straightforward specification that breaks the message into headers and bodies separated by a blank line. In the header are a number of keywords and values that define the sending date, sender's address, where replies should go, and so on, while the body contains the data.
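Because the transfer is plain text, the addresses can be read straight out of the reassembled TCP stream. The following is an added example, not part of the original post or the challenge: it separates the SMTP envelope commands (`MAIL FROM`, `RCPT TO`) from the RFC 822 headers sent after `DATA`, which are two places an address can appear and which need not agree. It assumes the input is only the client-to-server direction of the stream; the function name and every address in the sample are constructed placeholders.

```python
import re
from email.parser import Parser
from email.utils import parseaddr

# Constructed sample: client-to-server half of an SMTP session, as text.
# All addresses are placeholders and unrelated to the challenge capture.
SAMPLE_STREAM = (
    "MAIL FROM:<alice@example.test> SIZE=512\r\n"
    "RCPT TO:<bob@example.test>\r\n"
    "RCPT TO:<carol@example.test>\r\n"
    "DATA\r\n"
    "From: \"Alice\" <alice@example.test>\r\n"
    "To: bob@example.test\r\n"
    "Reply-To: replies@example.test\r\n"
    "\r\n"
    "Hello Bob.\r\n"
    "..a line that began with a dot\r\n"
    ".\r\n"
    "QUIT\r\n"
)

ENVELOPE = re.compile(r"^(MAIL FROM|RCPT TO):\s*<([^>]*)>", re.IGNORECASE)

def parse_smtp_client_stream(stream):
    """Extract envelope addresses and the RFC 822 message from client commands."""
    mail_from, rcpt_to, data_lines, in_data = None, [], [], False
    for line in stream.split("\r\n"):
        if in_data:
            if line == ".":  # a lone dot ends the DATA section
                in_data = False
            else:  # undo SMTP dot-stuffing on lines that start with a dot
                data_lines.append(line[1:] if line.startswith(".") else line)
        elif line.strip().upper() == "DATA":
            in_data = True
        else:
            m = ENVELOPE.match(line)
            if m and m.group(1).upper() == "MAIL FROM":
                mail_from = m.group(2)
            elif m:
                rcpt_to.append(m.group(2))
    msg = Parser().parsestr("\n".join(data_lines))  # headers end at first blank line
    return {
        "mail_from": mail_from,
        "rcpt_to": rcpt_to,
        "header_from": parseaddr(msg.get("From", ""))[1],
        "header_to": parseaddr(msg.get("To", ""))[1],
        "reply_to": parseaddr(msg.get("Reply-To", ""))[1],
        "body": msg.get_payload(),
    }
```

In Wireshark the same text can be obtained by following the TCP stream of the SMTP conversation and restricting the view to traffic from the client (192.168.0.3) to the server (192.168.0.1).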
