当同时收到大量邮件时,如何跟踪特定邮件的数据包?
smtp协议基本上是这样的:
S: 220 smtp.example.com ESMTP Postfix
C: HELO relay.example.org
S: 250 Hello relay.example.org, I am glad to meet you
C: MAIL FROM:<[email protected]>
S: 250 Ok
C: RCPT TO:<[email protected]>
S: 250 Ok
C: RCPT TO:<[email protected]>
S: 250 Ok
C: DATA
S: 354 End data with <CR><LF>.<CR><LF>
C: From: "Bob Example" <[email protected]>
C: To: "Alice Example" <[email protected]>
C: Cc: [email protected]
C: Date: Tue, 15 Jan 2008 16:02:43 -0500
C: Subject: Test message
C:
C: Hello Alice.
C: This is a test message with 5 header fields and 4 lines in the message body.
C: Your friend,
C: Bob
C: .
S: 250 Ok: queued as 12345
C: QUIT
S: 221 Bye
但是当收到多封邮件时就变得更加复杂
S: 220 smtp.example.com ESMTP Postfix
C: HELO relay.example.org
C: HELO relay.example.org
S: 250 Hello relay.example.org, I am glad to meet you
C: MAIL FROM:<[email protected]>
S: 250 Ok
C: RCPT TO:<[email protected]>
**C2: MAIL FROM:<[email protected]>**
S: 250 Ok
**C2: RCPT TO:<[email protected]>**
C: RCPT TO:<[email protected]>
S: 250 Ok
C: DATA
**C2: DATA2
C3: MAIL FROM:<[email protected]>
C3: RCPT TO:<[email protected]>**
S: 354 End data with <CR><LF>.<CR><LF>
**C3: DATA3**
C: From: "Bob Example" <[email protected]>
C: To: "Alice Example" <[email protected]>
C: Cc: [email protected]
C: Date: Tue, 15 Jan 2008 16:02:43 -0500
C: Subject: Test message
C:
C: Hello Alice.
C: This is a test message with 5 header fields and 4 lines in the message body.
C: Your friend,
C: Bob
C: .
S: 250 Ok: queued as 12345
C: QUIT
S: 221 Bye
那么我如何确定哪个数据包属于C,C1,C2。或者谁正在使用wireshark向[电子邮件受保护]发送邮件?
The smtp protocol is basically like this:
S: 220 smtp.example.com ESMTP Postfix
C: HELO relay.example.org
S: 250 Hello relay.example.org, I am glad to meet you
C: MAIL FROM:<[email protected]>
S: 250 Ok
C: RCPT TO:<[email protected]>
S: 250 Ok
C: RCPT TO:<[email protected]>
S: 250 Ok
C: DATA
S: 354 End data with <CR><LF>.<CR><LF>
C: From: "Bob Example" <[email protected]>
C: To: "Alice Example" <[email protected]>
C: Cc: [email protected]
C: Date: Tue, 15 Jan 2008 16:02:43 -0500
C: Subject: Test message
C:
C: Hello Alice.
C: This is a test message with 5 header fields and 4 lines in the message body.
C: Your friend,
C: Bob
C: .
S: 250 Ok: queued as 12345
C: QUIT
S: 221 Bye
But when multiple mails are recieved it becomes more complicated
S: 220 smtp.example.com ESMTP Postfix
C: HELO relay.example.org
C: HELO relay.example.org
S: 250 Hello relay.example.org, I am glad to meet you
C: MAIL FROM:<[email protected]>
S: 250 Ok
C: RCPT TO:<[email protected]>
**C2: MAIL FROM:<[email protected]>**
S: 250 Ok
**C2: RCPT TO:<[email protected]>**
C: RCPT TO:<[email protected]>
S: 250 Ok
C: DATA
**C2: DATA2
C3: MAIL FROM:<[email protected]>
C3: RCPT TO:<[email protected]>**
S: 354 End data with <CR><LF>.<CR><LF>
**C3: DATA3**
C: From: "Bob Example" <[email protected]>
C: To: "Alice Example" <[email protected]>
C: Cc: [email protected]
C: Date: Tue, 15 Jan 2008 16:02:43 -0500
C: Subject: Test message
C:
C: Hello Alice.
C: This is a test message with 5 header fields and 4 lines in the message body.
C: Your friend,
C: Bob
C: .
S: 250 Ok: queued as 12345
C: QUIT
S: 221 Bye
So how can I determine which data packet belongs to C , C1 , C2. Or who is sending mail to [email protected] using wireshark?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
尝试创建 TCP(tcp.port、tcp.srcport 或 tcp.dstport)或 IP(ip.addr、ip.src 或 ip.dst)过滤器。使用这种过滤器,您应该只能提取一个连接。
Try to create TCP (tcp.port, tcp.srcport or tcp.dstport) or IP (ip.addr, ip.src or ip.dst) filter. Using this kind of filters you should be able to extract only one connection.