CIS-2151 Lab Assignment #9: SMTP

Reading: Chapter 24 covers SMTP, DNS, and HTTP.

In this lab you will look at how an application protocol works. In particular, you will study an SMTP conversation.

  1. Create a file containing the raw email message you want to send. Here "raw" means without the help of a mail user agent. In other words, use a text editor. Here is an example for a hypothetical user "Thomas Jefferson" sending a message to Jill Jones:

            From: Thomas Jefferson <tjeffers@lemuria.cis.vtc.edu>
            To: Jill Jones <jjones@vtc.edu>
            Subject: Comments on the Declaration of Independence?
            Date: [see instructions below!]

            Hi Jill,

            I'd be interested in your thoughts on the attached document. We are hoping
            to finalize this tomorrow.

            Tom

    You should use your own VTC address so you can later check if the mail was delivered properly (and so the IP addresses below will be correct). Look up the proper syntax for the Date field in RFC-5322, section 3.3. Use the date July 3, 1776. Pick any reasonable time, but be sure to include the time zone as -0500.

  2. Verify that your message can be delivered by running the following command on Lemuria:

            $ sendmail -t jjones@vtc.edu < message.txt

    Replace jjones@vtc.edu with your email address. This is the address SMTP uses in the RCPT command. The sendmail program knows how to speak SMTP to the appropriate system. You should receive the message in a minute or two. Check the date on the received message. Is it correct?

  3. Next, look up the IP addresses for the VTC mail exchangers. There are two of them. Use nslookup and query the domain name system for MX records like this:

            $ nslookup
            > set type=mx
            > vtc.edu

    Note that the query above might return a single name for the mail exchanger. Convert that name to an IP address by switching nslookup to look up type "a" records (IPv4 addresses) and then specifying the mail exchanger name.

  4. In a separate session start tshark with a capture filter like this:

            $ tshark -f '(host ip-addr-1 or host ip-addr-2) and port 25' -w smtp.pcap

    Replace ip-addr-n with the two mail exchanger IP addresses you found in the previous step. This will capture traffic to either of those hosts so it won't matter which one sendmail tries to use. Notice that the filter also specifies only traffic to and from the SMTP port 25. Be sure to store the capture in a file for later study. Now send yourself your message again.

  5. Study the summary information about your capture. Answer the following questions:

    1. How many frames did you capture?
    2. Which frames contain the TCP three-way handshake?
    3. Which frames contain the SMTP conversation (including the TCP ACKs is fine; you can just give a range of frame numbers)?
    4. Which frames contain the TCP connection closing activities?
    5. In which frame does sendmail issue the SMTP QUIT command (this is a trick question, so be careful)?

  6. Find the frame where the server responds to the client's EHLO command (it might be around frame #8, but the exact number might be different for you). Dissect that frame in detail. Precisely what data does the server send? In particular, what extensions does it support? Look up information on the PIPELINE extension (try googling "SMTP pipeline extension"). What does it do? What is its value?

  7. Shortly after the server announces its extensions, the client sends SMTP commands. In which frame(s) is that done? You might be surprised to discover all the client commands in a single frame. What are those commands precisely?

  8. What does the server say in response to the client's DATA command? (It's humorous, so if it doesn't make you smile, you might not be looking at the right thing.) What frame is that response in?

  9. How many frames are used to hold the contents of your message and which frames are they? Has your message been encrypted or can you read it?

  10. Did sendmail transmit the date as you specified, or did it change the date before sending the message?
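The Date field in step 1 is the part of the raw message students most often get wrong. The following Python example is added here and is not part of the lab handout: it formats a date-time the way RFC 5322 section 3.3 requires (day name computed from the calendar, zone as -0500) and then parses the result back with the standard library as a self-check. The function names are my own.

```python
from datetime import datetime
from email.utils import parsedate_to_datetime

DAYS = ["Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun"]      # datetime.weekday(): 0 = Monday
MONTHS = ["Jan", "Feb", "Mar", "Apr", "May", "Jun",
          "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"]


def rfc5322_date(year: int, month: int, day: int,
                 hour: int, minute: int, second: int, utc_offset_minutes: int) -> str:
    """Format a date-time as RFC 5322 section 3.3 requires:
        [ day-of-week "," ] day month year hour ":" minute ":" second zone
    The day name is optional, but when present it must match the date, so it is
    computed from the calendar rather than typed in. The zone is +HHMM or -HHMM.
    datetime uses the proleptic Gregorian calendar, which is correct for a 1776
    date in the American colonies (they adopted it in 1752)."""
    weekday = datetime(year, month, day).weekday()
    sign = "+" if utc_offset_minutes >= 0 else "-"
    hh, mm = divmod(abs(utc_offset_minutes), 60)
    return (f"{DAYS[weekday]}, {day:02d} {MONTHS[month - 1]} {year:04d} "
            f"{hour:02d}:{minute:02d}:{second:02d} {sign}{hh:02d}{mm:02d}")


def date_header_instant(value: str) -> str:
    """Self-check: parse the header value with the standard library parser and
    return the instant in ISO 8601 form, offset included. A malformed value raises."""
    return parsedate_to_datetime(value).isoformat()


if __name__ == "__main__":
    # The lab's date: July 3, 1776, noon, zone -0500 (five hours behind UTC).
    header = rfc5322_date(1776, 7, 3, 12, 0, 0, -300)
    print("Date:", header)                       # Date: Wed, 03 Jul 1776 12:00:00 -0500
    print("parses as", date_header_instant(header))
```

Paste the printed line into the Date field of your message file. Step 10 asks whether sendmail keeps that date; the parse step here shows what a conforming receiver will reconstruct from it.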
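To see what questions 6 through 9 are getting at before you open the capture, here is an added Python example (not part of the lab, and not how sendmail or the VTC mail exchangers are implemented) that plays a minimal SMTP dialogue in memory. The server, its host name, its extension list and the message are all constructed for the example; the reply codes are the standard ones from RFC 5321. Each entry in the returned list stands in for one captured TCP segment, so you can see why the MAIL, RCPT and DATA commands land in a single frame once PIPELINING is advertised, where the 354 reply to DATA shows up, and that the message text crosses the wire in cleartext when no STARTTLS is negotiated.

```python
from typing import List, Tuple

CRLF = "\r\n"
Frame = Tuple[str, str]   # ("C" for client or "S" for server, text of one segment)

# Constructed message in the shape of the one from step 1.
MESSAGE = """From: Thomas Jefferson <tjeffers@lemuria.cis.vtc.edu>
To: Jill Jones <jjones@vtc.edu>
Date: Wed, 03 Jul 1776 12:00:00 -0500

Hi Jill, I'd be interested in your thoughts on the attached document.
Tom"""


class ToySmtpServer:
    """Constructed receiving MTA: hypothetical extension list, RFC 5321 reply codes."""

    EXTENSIONS = ["PIPELINING", "SIZE 10485760", "8BITMIME"]
    REPLIES = {"MAIL": "250 2.1.0 Ok", "RCPT": "250 2.1.5 Ok", "QUIT": "221 2.0.0 Bye"}

    def __init__(self, hostname: str = "mx.example.test") -> None:
        self.hostname = hostname
        self.in_data = False

    def banner(self) -> str:
        return f"220 {self.hostname} ESMTP ready{CRLF}"

    def handle(self, segment: str) -> str:
        """Consume one client segment (one or more CRLF-terminated lines) and
        return every reply it triggers, joined as the server would send them."""
        replies: List[str] = []
        for line in segment.split(CRLF)[:-1]:          # drop "" after the final CRLF
            if self.in_data:                            # message text, not commands
                if line == ".":                         # end-of-data marker
                    self.in_data = False
                    replies.append("250 2.0.0 Ok: queued")
                continue
            verb = line.split(" ", 1)[0].upper()
            if verb == "EHLO":                          # multi-line reply: host, then keywords
                lines = [self.hostname] + self.EXTENSIONS
                replies += [f"250-{x}" for x in lines[:-1]] + [f"250 {lines[-1]}"]
            elif verb == "DATA":
                replies.append("354 Start mail input; end with <CRLF>.<CRLF>")
                self.in_data = True
            elif verb in self.REPLIES:
                replies.append(self.REPLIES[verb])
            else:
                replies.append("500 5.5.1 Command unrecognized")
        return CRLF.join(replies) + CRLF if replies else ""


def dot_stuff(message: str) -> str:
    """Client side: CRLF line endings, and a leading '.' doubled so the body can
    never contain the end-of-data marker (RFC 5321 section 4.5.2)."""
    lines = message.rstrip("\n").split("\n")
    return CRLF.join("." + x if x.startswith(".") else x for x in lines) + CRLF


def run_conversation(sender: str, recipient: str, message: str) -> List[Frame]:
    """Play the dialogue; each list entry stands in for one captured TCP segment."""
    server = ToySmtpServer()
    frames: List[Frame] = [("S", server.banner())]
    client_segments = [
        f"EHLO client.example.test{CRLF}",
        # With PIPELINING advertised the client sends these three commands in one
        # segment and reads the replies afterwards; only the 354 must arrive
        # before the message text goes out.
        f"MAIL FROM:<{sender}>{CRLF}RCPT TO:<{recipient}>{CRLF}DATA{CRLF}",
        dot_stuff(message) + f".{CRLF}",
        f"QUIT{CRLF}",
    ]
    for seg in client_segments:
        frames.append(("C", seg))
        frames.append(("S", server.handle(seg)))
    return frames


def ehlo_extensions(frames: List[Frame]) -> List[str]:
    """Keywords from the multi-line 250 reply to EHLO; its first line is the host name."""
    for i, (who, text) in enumerate(frames):
        if who == "C" and text.upper().startswith("EHLO"):
            return [x[4:].split(" ")[0] for x in frames[i + 1][1].split(CRLF)[1:-1]]
    return []


def client_command_frames(frames: List[Frame]) -> List[Tuple[int, List[str]]]:
    """(frame index, verbs) per client frame, skipping the message body: the client
    frame after a DATA command is text even if one of its lines reads 'QUIT'."""
    result, body_next = [], False
    for i, (who, text) in enumerate(frames):
        if who != "C":
            continue
        if body_next:
            body_next = False
            continue
        verbs = [x.split(" ", 1)[0].upper() for x in text.split(CRLF)[:-1]]
        result.append((i, verbs))
        body_next = "DATA" in verbs
    return result


def readable_on_the_wire(frames: List[Frame], needle: str) -> bool:
    """No STARTTLS was negotiated, so the body crosses the network in cleartext."""
    return any(who == "C" and needle in text for who, text in frames)
```

Run it and compare with your own capture: the three client commands sit in one client frame and draw three reply lines in one server frame, the body is a separate client frame (it is the only client frame in which a line containing the word QUIT would not be a command), and `readable_on_the_wire(frames, "Hi Jill")` is True because nothing in this exchange negotiated TLS. A capture of a session that had used STARTTLS would show the same EHLO and extension list, then opaque TLS records instead of the commands and message.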

Submit a document to Canvas (PDF preferred, but Word, text, or ODF are all acceptable) containing your answers to the questions above. Be sure to include your name in the file. This lab is worth 20 points.


Last Revised: 2023-03-21
© Copyright 2023 by Peter Chapin <pchapin@vtc.edu>