LAN $($depending on how your LAN is configured$).$

For this activity, you can capture your own SMTP and POP packets using Wireshark, or use two files that we've created by capturing SMTP and POP packets. We'll assume you're going to use our files. If you'd like to capture your own packets, read Hands$-$On Activity $1$B in Chapter $1$ and use your two$-$tier email client to create and send an email message instead of your Web browser. If you'd like to use our files, go to the website for this book and download the two files: SMTP Capture.pkt and POP$3$ Capture.pkt$.($See below after FIGURE $2-21$ POP packets in Wireshark$)$

Part $1$: SMTP

Start Wireshark and either capture your SMTP packets or open the file called SMTP Capture.pkt$.$

We used the email software on our client computer to send an email message to our email server. Figure $2-20$ shows the packets we captured that were sent to and from the client computer $($called $192\mathrm{.}168\mathrm{.}1\mathrm{.}100)$ and the server $(128\mathrm{.}196\mathrm{.}40\mathrm{.}4)$ to send this message from the client to the server. The first few packets are called the handshake, as the client connects to the server and the server acknowledges it is ready to receive a new email message.

Packet $8$ is the start of the email message that identifies the sender$.$ The next packet from the client $($packet $10)$ provides the recipient address and then the email message starts with the DATA command $($packet $12)$ and is spread over several packets $(14,15,$ and $17)$ because it is too large to fit in one Ethernet frame. $($Remember that the sender$\text{'}$s transport layer breaks up large messages into several smaller TCP segments for transmission and the receiver's transport layer reassembles the segments back into the one SMTP message.$)$

Packet $14$ contains the first part of the message that the user wrote. It's not that easy to read, but by looking in the bottom window, you can see what the sender wrote.

Deliverables

List the information in the SMTP header $($to$,$ from, date, subject, message ID#$).$

Look through the packets to read the user's message. List the user's actual name $($not his or her email address$),$ his or her birth date, and his or her SSN$.$

Some experts believe that sending an email message is like sending a postcard. Why? How secure is SMTP email? How could security be improved?

Part $2$: POP

Start Wireshark and either capture your SMTP packets or open the file called POP$3$ Capture.pkt$.($Note: Depending on the version of Wireshark you are using, the file extension may be pkt or pcap.$)$

We used the email software on our client computer to read an email message that was our email server. Figure $2-21$ shows the packets we captured that were sent to and from the client computer $($called $128\mathrm{.}196\mathrm{.}239\mathrm{.}91)$ and the server $(128\mathrm{.}192\mathrm{.}40\mathrm{.}4)$ to send an email message from the server to the client. The first few packets are called the handshake, as the client logs in to the server and the server accepts the log$-$in$.$

Packet $12$ is the POP STAT command $($status$)$ that asks the server to show the number of email messages in the user's mailbox. The server responds in packet $13$ and tells the client there is one message.

Packet $16$ is the POP LIST command that asks the server to send the client a summary of email messages,

Packet $16$ is the POP LIST command that asks the server to send the client a summary of email messages, which it does in packet $17.$

Packet $18$ is the POP RETR command $($retrieve$)$ that asks the server to send message $1$ to the client. Packets $20,22,$ and $23$ contain the email message. It's not that easy to read, but by looking in the bottom window for packet $20,$ you can see what the sender wrote. You can also expand the POP packet in the middle packet detail window $($by clicking on the $+$ box in front of it$),$ which is easier to read.

Deliverable Instructions

You must answer every question for full credit.

You must submit your assignment using the same sample format for credit.

Packets $5$ through $11$ are the log$-$in process. Can you read the user id and passwords? Why or why not?

Look through the packets to read the user's message. List the user's actual name $($not his or her email address$),$ his or her birthdate, and his or her SSN$.$