07/26/2019
In order to test SMTP, IMAP, POP, and HTTP, I opened a separate terminal to manually open up their
ports as follows: (SMTP:25, IMAP:143, POP:110, HTTP:80)
Unfortunately, on the VM I couldn’t quite connect to any of them, so I got some static (possibly encrypted)
data for output. However, I was able to trigger the ports, showing they are connected fine.
********************************************
SMTP – Port 25
********************************************
TCP HEADER
SRC-PORT-NUM = 34876
DEST-PORT-NUM = 25
SEQ-NUM = B2:C7:C8:CC
ACKNOW-NUM = 00:00:00:00
HDR-LEN = 10
FLAGS = 0 0 0 0 1 0 -> SYN
Cpre530 PA III Isaac C Klein
07/26/2019
WINDOW-SIZE = 29200
CHECKSUM = 9C:B4
URGENT-PTR = 0
OPTIONS:
02:04:05:B4:04:
02:08:0A:20:AA:
AA:29:00:00:00:
00:01:03:03:07:
00:00:00:00:F0:
2A:3B:5D:6D:91:
BA:08:42:00:00:
00:42:00:00:00:
*****PAYLOAD*****
)*;]mBB
***END-PAYLOAD***
Total: PACKS = 52, IPS = 52, ARPS = 0, ICMPS = 0, TCPS = 48, UDPS = 4
DNSS = 2, DHCPS = 0, ECTPS = 0, ATAS = 0, TKIPS = 0
SMTPS = 1, POPS = 0, IMAPS = 0, HTTPS = 0, HTTPSS = 0
********************************************
TCP HEADER
SRC-PORT-NUM = 34726
DEST-PORT-NUM = 25
SEQ-NUM = B0:4C:64:03
ACKNOW-NUM = 00:00:00:00
HDR-LEN = 10
FLAGS = 0 0 0 0 1 0 -> SYN
WINDOW-SIZE = 29200
CHECKSUM = 9C:B4
URGENT-PTR = 0
OPTIONS:
02:04:05:B4:04:
02:08:0A:20:97:
66:6A:00:00:00:
00:01:03:03:07:
C0:00:00:00:01:
26:3B:5D:E1:29:
78:1F:69:00:00:
00:69:00:00:00:
*****PAYLOAD*****
fj&;])xii
***END-PAYLOAD***
Total: PACKS = 35, IPS = 35, ARPS = 0, ICMPS = 0, TCPS = 25, UDPS = 10
DNSS = 4, DHCPS = 0, ECTPS = 0, ATAS = 0, TKIPS = 0
SMTPS = 2, POPS = 0, IMAPS = 0, HTTPS = 0, HTTPSS = 0
********************************************
TCP HEADER
SRC-PORT-NUM = 44368
DEST-PORT-NUM = 143
SEQ-NUM = 43:6D:DD:59
ACKNOW-NUM = 00:00:00:00
HDR-LEN = 10
FLAGS = 0 0 0 0 1 0 -> SYN
WINDOW-SIZE = 29200
CHECKSUM = 9C:B4
URGENT-PTR = 0
OPTIONS:
02:04:05:B4:04:
02:08:0A:20:AD:
9B:12:00:00:00:
00:01:03:03:07:
98:00:00:00:B1:
2B:3B:5D:45:75:
F8:03:42:00:00:
00:42:00:00:00:
*****PAYLOAD*****
+;]EuBB
***END-PAYLOAD***
Total: PACKS = 23, IPS = 23, ARPS = 0, ICMPS = 0, TCPS = 18, UDPS = 5
DNSS = 2, DHCPS = 0, ECTPS = 0, ATAS = 0, TKIPS = 0
SMTPS = 0, POPS = 0, IMAPS = 1, HTTPS = 0, HTTPSS = 0
********************************************
TCP HEADER
SRC-PORT-NUM = 44368
DEST-PORT-NUM = 143
SEQ-NUM = 43:6D:DD:59
ACKNOW-NUM = 00:00:00:00
HDR-LEN = 10
FLAGS = 0 0 0 0 1 0 -> SYN
WINDOW-SIZE = 29200
CHECKSUM = 9C:B4
URGENT-PTR = 0
OPTIONS:
02:04:05:B4:04:
02:08:0A:20:AD:
9F:07:00:00:00:
00:01:03:03:07:
00:00:00:00:B2:
2B:3B:5D:C5:F4:
12:21:5A:00:00:
00:5A:00:00:00:
*****PAYLOAD*****
+;]!ZZ
***END-PAYLOAD***
Total: PACKS = 26, IPS = 26, ARPS = 0, ICMPS = 0, TCPS = 21, UDPS = 5
DNSS = 2, DHCPS = 0, ECTPS = 0, ATAS = 0, TKIPS = 0
SMTPS = 0, POPS = 0, IMAPS = 2, HTTPS = 0, HTTPSS = 0
********************************************
TCP HEADER
SRC-PORT-NUM = 41886
DEST-PORT-NUM = 110
SEQ-NUM = 09:8C:55:A8
ACKNOW-NUM = 00:00:00:00
HDR-LEN = 10
FLAGS = 0 0 0 0 1 0 -> SYN
WINDOW-SIZE = 29200
CHECKSUM = 9C:B4
URGENT-PTR = 0
OPTIONS:
02:04:05:B4:04:
02:08:0A:20:AF:
C5:60:00:00:00:
00:01:03:03:07:
00:00:00:00:00:
00:00:00:00:00:
00:00:00:00:00:
00:00:00:00:00:
*****PAYLOAD*****
`
***END-PAYLOAD***
********************************************
TCP HEADER
SRC-PORT-NUM = 41886
DEST-PORT-NUM = 110
SEQ-NUM = 09:8C:55:A8
ACKNOW-NUM = 00:00:00:00
HDR-LEN = 10
FLAGS = 0 0 0 0 1 0 -> SYN
WINDOW-SIZE = 29200
CHECKSUM = 9C:B4
URGENT-PTR = 0
OPTIONS:
02:04:05:B4:04:
02:08:0A:20:AF:
C9:67:00:00:00:
00:01:03:03:07:
98:00:00:00:40:
2C:3B:5D:15:3A:
17:1D:3C:00:00:
00:3C:00:00:00:
*****PAYLOAD*****
g@,;]:<<
***END-PAYLOAD***
********************************************
TCP HEADER
SRC-PORT-NUM = 41886
DEST-PORT-NUM = 110
SEQ-NUM = 09:8C:55:A8
ACKNOW-NUM = 00:00:00:00
HDR-LEN = 10
FLAGS = 0 0 0 0 1 0 -> SYN
WINDOW-SIZE = 29200
CHECKSUM = 9C:B4
URGENT-PTR = 0
OPTIONS:
02:04:05:B4:04:
02:08:0A:20:AF:
D1:47:00:00:00:
00:01:03:03:07:
00:00:00:00:00:
00:00:00:00:00:
00:00:00:00:00:
00:00:00:00:00:
*****PAYLOAD*****
G
***END-PAYLOAD***
Total: PACKS = 28, IPS = 18, ARPS = 10, ICMPS = 0, TCPS = 7, UDPS = 11
DNSS = 4, DHCPS = 0, ECTPS = 0, ATAS = 0, TKIPS = 0
SMTPS = 0, POPS = 3, IMAPS = 0, HTTPS = 0, HTTPSS = 0
********************************************
HTTP – Port 80
********************************************
TCP HEADER
SRC-PORT-NUM = 36286
DEST-PORT-NUM = 80
SEQ-NUM = 80:25:3B:C3
ACKNOW-NUM = 00:00:00:00
HDR-LEN = 10
FLAGS = 0 0 0 0 1 0 -> SYN
WINDOW-SIZE = 29200
CHECKSUM = B0:8D
URGENT-PTR = 0
OPTIONS:
02:04:05:B4:04:
02:08:0A:79:37:
CA:83:00:00:00:
00:01:03:03:07:
C0:00:00:00:1F:
2D:3B:5D:9A:4E:
0D:1B:69:00:00:
00:69:00:00:00:
*****PAYLOAD*****
y7
***END-PAYLOAD***
Total: PACKS = 49, IPS = 45, ARPS = 4, ICMPS = 0, TCPS = 34, UDPS = 11
DNSS = 4, DHCPS = 0, ECTPS = 0, ATAS = 0, TKIPS = 0
SMTPS = 0, POPS = 0, IMAPS = 0, HTTPS = 1, HTTPSS = 0
********************************************
TCP HEADER
SRC-PORT-NUM = 36286
DEST-PORT-NUM = 80
SEQ-NUM = 80:25:3B:C3
ACKNOW-NUM = 00:00:00:00
HDR-LEN = 10
FLAGS = 0 0 0 0 1 0 -> SYN
WINDOW-SIZE = 29200
CHECKSUM = B0:8D
URGENT-PTR = 0
OPTIONS:
02:04:05:B4:04:
02:08:0A:79:37:
CE:81:00:00:00:
00:01:03:03:07:
98:00:00:00:20:
2D:3B:5D:7C:98:
BD:10:42:00:00:
00:42:00:00:00:
*****PAYLOAD*****
y7
***END-PAYLOAD***
Total: PACKS = 84, IPS = 80, ARPS = 4, ICMPS = 0, TCPS = 69, UDPS = 11
DNSS = 4, DHCPS = 0, ECTPS = 0, ATAS = 0, TKIPS = 0
SMTPS = 0, POPS = 0, IMAPS = 0, HTTPS = 2, HTTPSS = 0
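Added example, not part of the original report: a bounds-checked C decoder for the OPTIONS bytes of the SYN segments dumped above. HDR-LEN = 10 words is a 40-byte TCP header, so only the first 20 dumped bytes are options and the rest lie past the header. The names tcp_opts, tcp_opt_len, parse_tcp_opts and PAGE_SYN_OPTS are hypothetical, and the sample bytes are copied from the first port-25 dump.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Options a SYN usually carries; mss/wscale are -1 when not present. */
struct tcp_opts { int mss, wscale, sack_ok, has_ts; uint32_t tsval; };

/* Constructed sample: first 20 OPTIONS bytes of the first port-25 SYN above. */
static const uint8_t PAGE_SYN_OPTS[20] = {
    0x02, 0x04, 0x05, 0xB4, 0x04, 0x02, 0x08, 0x0A, 0x20, 0xAA,
    0xAA, 0x29, 0x00, 0x00, 0x00, 0x00, 0x01, 0x03, 0x03, 0x07 };

/* Option bytes implied by HDR-LEN (data offset in 32-bit words); -1 if invalid. */
int tcp_opt_len(unsigned hdr_words)
{
    return (hdr_words < 5 || hdr_words > 15) ? -1 : (int)(hdr_words * 4 - 20);
}

/* Walk the kind/length/value list. Returns 0 on success, -1 if malformed. */
int parse_tcp_opts(const uint8_t *o, size_t len, struct tcp_opts *out)
{
    size_t i = 0;
    out->mss = out->wscale = -1;
    out->sack_ok = out->has_ts = 0; out->tsval = 0;
    while (i < len) {
        uint8_t kind = o[i];
        if (kind == 0) break;                 /* End of Option List */
        if (kind == 1) { i++; continue; }     /* NOP has no length byte */
        if (len - i < 2) return -1;           /* length byte is missing */
        size_t l = o[i + 1];
        if (l < 2 || l > len - i) return -1;  /* would stall or overrun */
        if (kind == 2 && l == 4) out->mss = (o[i + 2] << 8) | o[i + 3];
        else if (kind == 3 && l == 3) out->wscale = o[i + 2];
        else if (kind == 4 && l == 2) out->sack_ok = 1;
        else if (kind == 8 && l == 10) {      /* Timestamps: TSval, TSecr */
            out->has_ts = 1;
            out->tsval = ((uint32_t)o[i + 2] << 24) | ((uint32_t)o[i + 3] << 16) |
                         ((uint32_t)o[i + 4] << 8) | o[i + 5];
        }
        i += l;
    }
    return 0;
}

int main(void) {
    struct tcp_opts t;
    if (parse_tcp_opts(PAGE_SYN_OPTS, (size_t)tcp_opt_len(10), &t) != 0) return 1;
    printf("MSS=%d SACK-OK=%d WSCALE=%d TSVAL=0x%08X\n", t.mss, t.sack_ok, t.wscale, (unsigned)t.tsval);
    return 0;
}
```

Bounding the walk by the header length rather than by a fixed 40 bytes is what keeps the decoder from reading memory that does not belong to the segment.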
I then let each command run to timeout, printing only the payload for that port as a test.
SMTP – Port 25
HTTP – Port 80
//Headers needed by this excerpt.
#include <stdio.h>
#include <stdint.h>
#include <pcap.h>

//ADDED VARIABLES
//Running counters for every frame and protocol type seen so far.
int Num_Of_Packets = 0;
int Num_Of_ARPS = 0;
int Num_Of_IPS = 0;
int Num_Of_ECTPS = 0;
int Num_Of_ATAS = 0;
int Num_Of_TKIPS = 0;
int Num_Of_ICMPS = 0;
int Num_Of_TCPS = 0;
int Num_Of_UDPS = 0;
int Num_Of_DNSS = 0;
int Num_Of_DHCPS = 0;
int Num_Of_FTPS = 0;
int Num_Of_SSHS = 0;
int Num_Of_TELNETS = 0;
int Num_Of_SMTPS = 0;
int Num_Of_HTTPS = 0;
int Num_Of_HTTPSS = 0;
int Num_Of_POPS = 0;
int Num_Of_IMAPS = 0;

//pcap callback: prints the Ethernet header of each captured frame and,
//for IPv4 frames, the fields of the IP header.
void raw_print(u_char *user, const struct pcap_pkthdr *h, const u_char *p)
{
    u_int length = h->len;
    u_int caplen = h->caplen;
    uint16_t e_type;

    Num_Of_Packets += 1;
    printf("********************************************\n\n");

    //Only caplen bytes of p are valid; the Ethernet header needs 14 of them.
    if (caplen < 14)
        return;

    printf("DEST ADDR = %02X:%02X:%02X:%02X:%02X:%02X:\n",
           p[0],p[1],p[2],p[3],p[4],p[5]);
    printf("SRC ADDR = %02X:%02X:%02X:%02X:%02X:%02X:\n",
           p[6],p[7],p[8],p[9],p[10],p[11]);
    //EtherType is a 16-bit big-endian field.
    e_type = p[12]*256 + p[13];
    printf("ETH TYPE = %04X ", e_type);
    if (e_type == 0x800) {
        printf(" -> IP\n");
        Num_Of_IPS += 1;
        int Icmp = 0;
        int Tcp = 0;
        int Udp = 0;
        int PayLen;

        //The fixed IPv4 header is 20 bytes starting at offset 14.
        if (caplen < 14 + 20)
            return;

        //Version is the upper 4 bits of the first IP byte, shifted down.
        printf("VER = %dX, ", p[14] >> 4);
        //Header length (in 32-bit words) is the lower 4 bits of the same byte.
        printf("HDR-LEN = %d\n", 0x0F & p[14]);
        printf("SERVICE = %d\n", p[15]);
        //IP total length field (header plus data), 16 bits big-endian:
        //high byte p[16] shifted left 8, plus low byte p[17].
        PayLen = p[17] + (p[16] << 8);
        printf("PAY-LEN = %d\n", PayLen);
        printf("IDENTIFIER = %d\n", p[19] + (p[18] << 8));
        //The three flag bits are the top three bits of p[20]:
        //each one is masked and shifted down to bit 0.
        printf("FLAGS = %d %d %d\n", (p[20] & 0x80) >> 7, (p[20] & 0x40) >> 6,
               (p[20] & 0x20) >> 5);
        //Fragment offset is the remaining 13 bits: low 5 bits of p[20], then p[21].
        printf("OFFSET = %d\n", ((p[20] & 0x1F) << 8) + (p[21]));