CS 519 Spring 2003 – Homework 3

Email Transfer Protocols: SMTP, POP, IMAP & HTTP

Due: 02/12/2003 14:00 pm

Download: [poptrace.cap] [imaptrace.cap] [httptrace.cap]

Note: An extra credit question has been posted {last updated: 02/07/2003}

SMTP is the protocol for sending mail. For receiving mail there are several popular mail access protocols, namely POP3, IMAP and even HTTP. In this exercise you will explore the operation of, and analyze traces from, three popular mail access protocols: Post Office Protocol 3 (POP3), Interactive Mail Access Protocol (IMAP) and HTTP.

SMTP

SMTP is used to (1) transfer email from the sender’s mail server to the recipient’s mail server and (2) transfer email from the sender’s user agent (e.g. Outlook Express) to the sender’s mail server.

POP3

POP3 is a simple protocol used for fetching email from a remote mailbox, defined in RFC 1225. It has commands for the user to log in, log out, fetch and delete messages. The point of POP3 is to fetch email from the remote inbox and store it on the user’s local machine to be read later.

IMAP

IMAP is a sophisticated delivery protocol, defined in RFC 1064. It was designed to help the user who uses multiple computers, perhaps a workstation in the office, a PC at home and a laptop on the road. The basic idea behind IMAP is for the email server to maintain a central repository that can be accessed from any machine. Thus, unlike POP3, IMAP does not copy email to the user’s personal machine, because the user may have several. In other words, the mailbox can be viewed as a relational database system rather than a linear sequence of messages.

HTTP

The majority of Internet users send and access their email through web-based email services like Hotmail and Yahoo. With web-based email (HTTP), the end user’s web browser communicates with the remote inbox. When ‘X’ wants to access a message in his inbox, the email message is sent from X’s mail server to X’s web browser using HTTP rather than POP3/IMAP. Similarly, when ‘Y’ wants to send a message to someone, the email message is sent from Y’s browser to Y’s mail server over HTTP rather than SMTP. However, X’s mail server and Y’s mail server send and receive messages to each other using SMTP.

Network Configuration

The traces were taken on a host behind a NAT firewall. For the POP and IMAP traces, a user-agent (Outlook Express) was used to send and read messages and the HTTP trace was done using a web-browser as a user-agent accessing the remote inbox at a free email service on the Internet.

Questions

Please refer to the capture file poptrace.cap to answer the following questions:

  1. Initially the client (Outlook Express) establishes a TCP connection to the mail server. Identify the packet numbers that show the handshake between the client and the mail server. Which port number does the POP3 mail server listen on?

  2. Were you able to see the user login and password information during the authorization phase? If yes, what were the credentials? If no, why not?

  3. During the client query, how many messages were available for download on the mail server? What was the total size in bytes of those messages? What were the individual message lengths in bytes?

  4. Were you able to see the contents of the individual messages? If so, which packets display the contents of those messages?

  5. What is the purpose of packet numbers 22, 26 and 30?

  6. A message was composed by the client and sent to the mail server for delivery. Identify the packets corresponding to the HELO, MAIL FROM, RCPT TO and DATA commands and their corresponding contents. (You should mention the To, CC and Bcc fields as applicable.)
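As an added example, not part of the assignment or its trace files, the following Python script audits a POP3 session transcript of the kind a packet analyzer reconstructs with "follow TCP stream". It reports whether the USER/PASS credentials crossed the wire in the clear (with APOP only a digest is sent, which is one reason a password might not be visible) and cross-checks the STAT totals against the per-message LIST sizes, the facts questions 2 and 3 ask for. The session text is constructed.

```python
# Added example (not part of the assignment): audit a POP3 session transcript for
# cleartext credentials and summarise the mailbox from the STAT and LIST replies.
# Constructed "follow TCP stream"-style sample ("C:" client, "S:" server); NOT poptrace.cap.
SAMPLE_SESSION = """\
S: +OK POP3 server ready
C: USER alice
S: +OK
C: PASS hunter2
S: +OK Logged in.
C: STAT
S: +OK 2 1830
C: LIST
S: +OK 2 messages (1830 octets)
S: 1 620
S: 2 1210
S: .
"""

def analyze_pop3(transcript):
    """Return user, cleartext password (if any), auth method, STAT totals and LIST sizes."""
    info = {"user": None, "password": None, "auth": None, "stat": None, "sizes": {}}
    last_cmd, in_list = None, False
    for line in transcript.splitlines():
        if line.startswith("C: "):
            parts = line[3:].split(None, 1)
            last_cmd, arg = parts[0].upper(), (parts[1] if len(parts) > 1 else "")
            in_list = False
            if last_cmd == "USER":
                info["user"] = arg
            elif last_cmd == "PASS":            # password crosses the wire in the clear
                info["password"], info["auth"] = arg, "PASS (cleartext)"
            elif last_cmd == "APOP":            # digest login: only the user name is visible
                info["user"], info["auth"] = arg.split()[0], "APOP (digest)"
        elif line.startswith("S:"):
            reply = line[3:]
            if in_list:                          # multi-line LIST reply is terminated by "."
                if reply == ".":
                    in_list = False
                else:
                    num, size = reply.split()
                    info["sizes"][int(num)] = int(size)
            elif last_cmd == "STAT" and reply.startswith("+OK"):
                info["stat"] = tuple(int(x) for x in reply.split()[1:3])
            elif last_cmd == "LIST" and reply.startswith("+OK"):
                in_list = True
    # Cross-check: the per-message LIST sizes should add up to the STAT totals.
    count, octets = info["stat"] or (0, 0)
    info["consistent"] = len(info["sizes"]) == count and sum(info["sizes"].values()) == octets
    return info
```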


Please refer to the capture file imaptrace.cap to answer the following questions:

  1. What is the name of the IMAP mail server and which port does it listen on?

  2. Were you able to see the user login and password information during the authorization phase? If yes, what were the credentials? If no, what might be the reason that you don’t see them?

Please refer to the capture file httptrace.cap to answer the following questions:

  1. Skim through the trace. Do you find any evidence of encryption techniques/algorithms used in the session? List the possible algorithms that might have been deployed. (You need not explain how each algorithm works.)

Extra Credit

  1. What is the difference between HTTP and HTTPS? Look into the httptrace.cap capture file. What does Hotmail deploy for its sessions? Were you able to view the contents of the message posted to the mail server? If so, what were the contents of the header and the body of the message sent, and how did you find them? If not, why? Did you find anything else interesting?
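For the httptrace.cap question and this extra-credit question, an added example (not from the assignment): the first message of an HTTPS session, the SSL/TLS ClientHello, is sent in the clear and lists the cipher suites the browser offers, which is the kind of evidence of encryption algorithms to look for in the trace. The Python below builds a constructed SSLv3 ClientHello and parses it back; the record bytes and the small suite-name table are assumptions for illustration, not data from the trace.

```python
# Added example (not from the assignment): build and dissect an SSLv3/TLS ClientHello
# record, the first cleartext message of an HTTPS session, to list the cipher suites a
# browser offered. The record is constructed (not from httptrace.cap) and SUITE_NAMES
# is a small subset of the registered suites.
import struct

SUITE_NAMES = {
    0x0004: "SSL_RSA_WITH_RC4_128_MD5",
    0x0005: "SSL_RSA_WITH_RC4_128_SHA",
    0x000A: "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
}
VERSIONS = {0x0300: "SSLv3", 0x0301: "TLSv1.0"}

def build_client_hello(version, suites):
    """Serialise a minimal ClientHello (no extensions) inside a handshake record."""
    body = struct.pack(">H", version) + bytes(32)          # client_version, random (constructed zeros)
    body += b"\x00"                                         # empty session_id
    body += struct.pack(">H", 2 * len(suites)) + b"".join(struct.pack(">H", s) for s in suites)
    body += b"\x01\x00"                                     # compression_methods: null only
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body   # HandshakeType client_hello(1)
    return b"\x16" + struct.pack(">HH", version, len(handshake)) + handshake  # ContentType handshake(22)

def parse_client_hello(record):
    """Return (version name, [offered cipher suite names]); raise ValueError if malformed."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a handshake record")
    rec_len = struct.unpack(">H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if len(hs) != rec_len or hs[0] != 0x01:
        raise ValueError("truncated record or not a ClientHello")
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    version = struct.unpack(">H", body[0:2])[0]
    pos = 2 + 32                                            # skip client random
    pos += 1 + body[pos]                                    # skip session_id
    n = struct.unpack(">H", body[pos:pos + 2])[0]
    pos += 2
    if pos + n > len(body) or n % 2:
        raise ValueError("bad cipher_suites length")
    suites = [struct.unpack(">H", body[i:i + 2])[0] for i in range(pos, pos + n, 2)]
    names = [SUITE_NAMES.get(s, "unknown_0x%04x" % s) for s in suites]
    return VERSIONS.get(version, "0x%04x" % version), names

def weak_suites(names):
    """Suites worth flagging in a review: RC4-based or single-DES-based."""
    return [n for n in names if "RC4" in n or "_DES_" in n]

# Constructed ClientHello: an SSLv3 client offering RC4, 3DES and AES suites.
SAMPLE_HELLO = build_client_hello(0x0300, [0x0004, 0x0005, 0x000A, 0x002F])
```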


Links

POP vs. IMAP

RFC1064 – Interactive Mail Access Protocol

RFC1225 – Post Office Protocol Version 3

SSL Protocol – Version 3

How to configure your user agent to talk to a POP3/IMAP server [accessible only inside the CS domain]


[Disclaimer: These traces were captured and solely intended only for educational purposes and had the complete consent of the individuals concerned]