本文主要使用Wireshark对邮件客户端使用POP3协议收取邮件的过程进行抓包分析并使用telnet命令进行简单操作。

1、POP3简介

邮局协议(英语:Post Office Protocol,缩写:POP)属于TCP/IP协议族中的一员,由RFC 1939定义。此协议主要用于支持使用客户端远程管理在服务器上的电子邮件。最新版本为POP3,全名“Post Office Protocol - Version 3”,而提供了SSL加密的POP3协议被称为POP3S。

POP支持离线邮件处理。其具体过程是:发件人将邮件发送到服务器上,收件人客户端使用MUA以连接服务器,并下载所有未阅读的电子邮件。这种离线访问模式是一种存储转发服务,将邮件从邮件服务器端送到个人客户端上,可以是PC或者手机等多种设备。旧版的POP3协议在邮件被下载后,会删除掉邮件服务器上的邮件。改进的POP3协议可以在配置中选择可以“只下载邮件,服务器端并不删除”,也是目前POP3的主流操作方式。

2、抓包环境

抓包工具还是使用的wireshark,测试的协议是POP3,默认端口110,同样地为了方便分析数据没有使用TLS/SSL加密,但是结果都问题不大。

测试的账号登录之后自动同步了收件箱中已有的5封邮件,然后我又给测试账号发了一封邮件,因此抓包的时候MUA客户端上应该是只有本地已缓存的5封已读邮件和服务器端尚未下载的1封未读邮件,这样比较符合实际的情况。

开启wireshark监听对应的网卡,设定Filter为邮件服务器的IP并且设定协议为pop基本就能抓取到需要的数据包,然后我们再Follow这条POP数据流对应的TCP stream就可以看到下面的完整信息。

[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-1cvPTpsd-1645781182981)(https://resource.tinychen.com/image-20200511131942318.png)]

毫无意外地可以看到TCP的三握四挥,这里不作赘述。

3、POP3数据包分析

首先我们可以看到在客户端和服务端TCP三次握手建立连接后,服务端发送报文给客户端告知顺利和POP3服务器建立连接:

接下来客户端发送了一个CAPA命令:

wiki里面有列出常用的POP3命令,但是却并没有CAPA这条命令,顺着下面的参考文档查了一下,在RFC的文档RFC2449中找到了比较详细的定义:

Section 3 describes the CAPA response using [ABNF]. When a
capability response describes an optional command, the
SHOULD be identical to the command keyword. CAPA response tags are
case-insensitive.

​ CAPA

​ Arguments:
​ none

​ Restrictions:
​ none

​ Discussion:
​ An -ERR response indicates the capability command is not
​ implemented and the client will have to probe for
​ capabilities as before.

​ An +OK response is followed by a list of capabilities, one
​ per line. Each capability name MAY be followed by a single
​ space and a space-separated list of parameters. Each
​ capability line is limited to 512 octets (including the
​ CRLF). The capability list is terminated by a line
​ containing a termination octet (".") and a CRLF pair.

​ Possible Responses:
​ +OK -ERR

也就是说客户端发送CAPA命令主要是用于获取POP3服务端可以执行的命令,然后POP3服务器果然就返回了对应的+OK responseCapability list follows

接下来客户端开始传输账号密码用于登录,可以看到在登录成功之后,POP3服务端返回了消息提示有6封邮件(6 messages)和邮件的总大小(25568 bytes),然后客户端发送UTF8命令指定编码方式,收到服务端返回的确认消息后再发送STAT命令来请求服务器发回关于邮箱的统计资料(此处为邮件总数和总字节数)。

紧接着客户端继续发送UIDL命令,POP3服务器端返回邮件的唯一标识符,POP3会话的每个标识符都将是唯一的,并且是全局始终唯一。即同一封邮件在每次通信的时候的标识符都是不变的,这样就有利于MUA将本地存储的邮件和服务器端的邮件进行对比从而知道哪些邮件还没有被下载到本地。

获取邮件标识符后,客户端会发送LIST命令查询邮件数量和每个邮件的大小,这里我们可以看到邮件的总数量和总大小是和上面的STAT命令查询的一致的。

前面我们说过在抓包之前MUA中是存着5封邮件并且第6封邮件是未读的,因此这时客户端就会发送RETR请求获取第6封邮件的信息:

服务器首先返回一条信息表示OK,并且说明这封邮件的大小是1199个字节,然后开始传输整封邮件的内容,整个邮件内容包含了标准的一些邮件信息(主题、正文、收发件人、时间等)和一些对应的邮件系统的专属信息。

最后邮件以.结束传输,客户端发送QUIT请求,服务端返回OK结束本次传输。

4、telnet操作

和之前的SMTP一样,我们也可以使用telnet命令对服务器的110端口进行操作:

[root@www coremail]# telnet localhost 110
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
+OK Welcome to coremail Mail Pop3 Server (126coms[c92b4e18679ada4069d0bde6e2528ad1s])
CAPA
+OK Capability list follows
TOP
USER
PIPELINING
UIDL
LANG
UTF8
SASL PLAIN
STLS
.
USER test01@coremail.cn
+OK core mail
PASS password
+OK 6 message(s) [25568 byte(s)]
UTF8
+OK UTF-8 OK
STAT
+OK 6 25568
UIDL
+OK 6 25568
1 1tbiAQACE10Y3LsAAAAAsy
2 1tbiAQACE10Y3LsAAAACsw
3 1tbiAQACE10Y3LsAAAADsx
4 1tbiAQACE10Y3LsAAAAEs2
5 1tbiAQACE10Y3LsAAAAFs3
6 1tbiAQACE10Y3LsAAAAGs0
.
LIST
+OK 6 25568
1 7959
2 1199
3 6445
4 6469
5 2297
6 1199
.

到这里的操作是和之前一样的,实际上我们还可以使用RETR命令查看任意一封邮件的内容:

RETR 5
+OK 2297 octets
Received: from TINYDESKTOP (unknown [10.228.12.149])by www.example.com (Coremail) with SMTP id AQAAfwBXc7qLVrZeWAAAAA--.16S2;Sat, 09 May 2020 15:06:51 +0800 (CST)
From: "Microsoft Outlook" <test01@coremail.cn>
Sender: test01@coremail.cn
To: <test01@coremail.cn>
Subject: =?utf-8?B?TWljcm9zb2Z0IE91dGxvb2sg5rWL6K+V5raI5oGv?=
MIME-Version: 1.0
Content-Type: multipart/alternative;boundary="----=_NextPart_000_0000_01D62613.778669A0"
X-CM-TRANSID:AQAAfwBXc7qLVrZeWAAAAA--.16S2
Message-Id:<5EB6568B.000001.04520@coremail.cn>
X-Coremail-Antispam: 1UD129KBjDUn29KB7ZKAUJUUUUU529EdanIXcx71UUUUU7v73VFW2AGmfu7bjvjm3AaLaJ3UjIYCTnIWjp_UUUYK7AC8VAFwI0_Jr0_Gr1l1xkIjI8I6I8E6xAIw20EY4v20xvaj40_Wr0E3s1l1IIY67AEw4v_Jr0_Jr4l8cAvFVAK0II2c7xJM28CjxkF64kEwVA0rcxSw2x7M28EF7xvwVC0I7IYx2IY67AKxVWUJVWUCwA2z4x0Y4vE2Ix0cI8IcVCY1x0267AKxVWUJVW8JwA2z4x0Y4vEx4A2jsIE14v26r1j6r4UM28EF7xvwVC2z280aVCY1x0267AKxVWUJVW8JwAac4AC62xK8xCEY4vEwIxC4wAS0I0E0xvYzxvE52x082IY62kv0487Mc02F40E4c8EcI0Er2xKeI8DMcIj6xIIjxv20xvE14v26r1j6r18McIj6I8E87Iv67AKxVWUJVW8JwAm72CE4IkC6x0Yz7v_Jr0_Gr1lF7xvr2IY64vIr41lF7I21c0EjII2zVCS5cI20VAGYxC7M4xvF2IEb7IF0Fy264kE64k0F24lw4CEF2IF47xS0VAv8wCF04k20xvY0x0EwIxGrwCF04k20xvE0xIIj40Ec7CjxwCFx2IqxVCFs4IE7xkEbVWUJVW8JwC20s026c02F40E14v26r106r1rMI8I3I0E7480Y4vE14v26r106r1rMI8E67AF67kF1VAFwI0_Jr0_JrylIxkGc2Ij64vIr41lIxAIcVC0I7IYx2IY67AKxVWUJVWUCwCI42IY6xIIjxv20xvEc7CjxVAFwI0_Jr0_Gr1lIxAIcVCF04k26cxKx2IYs7xG6rW3Jr0E3s1lIxAIcVC2z280aVAFwI0_Jr0_Gr1lIxAIcVC2z280aVCY1x0267AKxVWUJVW8JbIYCTnIWIevJa73UjIFyTuYvjfUjiiSDUUUU
Date: Sat, 9 May 2020 15:06:51 +0800 (CST)
X-CM-SenderInfo: hwhv3imr6f02phpdxzgofq/This is a multipart message in MIME format.------=_NextPart_000_0000_01D62613.778669A0
Content-Type: text/plain;charset="utf-8"
Content-Transfer-Encoding: base646L+Z5piv5Zyo5rWL6K+V5L2g55qE5biQ5oi36K6+572u5pe2IE1pY3Jvc29mdCBPdXRsb29rIOiH
quWKqOWPkemAgeeahOeUteWtkOmCruS7tuOAgg0K------=_NextPart_000_0000_01D62613.778669A0
Content-Type: text/html;charset="utf-8"
Content-Transfer-Encoding: base64PGh0bWw+PGJvZHk+PHA+6L+Z5piv5Zyo5rWL6K+V5L2g55qE5biQ5oi36K6+572u5pe2IE1pY3Jv
c29mdCBPdXRsb29rIOiHquWKqOWPkemAgeeahOeUteWtkOmCruS7tuOAgg0KPC9wPjwvYm9keT48
L2h0bWw+------=_NextPart_000_0000_01D62613.778669A0--
.
RETR 6
+OK 1199 octets
Received: by ajax-webmail-www.example.com (Coremail) ; Sat, 9 May 202015:35:01 +0800 (GMT+08:00)
X-Originating-IP: [10.228.12.149]
Date: Sat, 9 May 2020 15:35:01 +0800 (GMT+08:00)
X-CM-HeaderCharset: UTF-8
From: test02@coremail.cn
To: test01@coremail.cn
Subject: awesome pop
X-Priority: 3
X-Mailer: Coremail Webmail Server Version XT5.0.8a build 20190308(983496cf)Copyright (c) 2002-2020 www.mailtech.cn 126com
Content-Type: multipart/alternative;boundary="----=_Part_5_1271853342.1589009701828"
MIME-Version: 1.0
Message-ID: <4d02717c.1.171f85bdbc6.Coremail.test02@coremail.cn>
X-Coremail-Locale: zh_CN
X-CM-TRANSID:AQAAfwAXM7olXbZeXAAAAA--.0W
X-CM-SenderInfo: hwhv3ims6f02phpdxzgofq/1tbiAQADCV0Y3LsAAwAIsi
X-Coremail-Antispam: 1Ur529EdanIXcx71UUUUU7IcSsGvfJ3GIAIbVAYFVCjjxCrMIAIbVAFxVCF77xC64kEw24lV2xY67C26IkvcIIF6IxKo4kEV4DvcSsGvfC2KfnxnUU==------=_Part_5_1271853342.1589009701828
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bitThis is for pop test!
------=_Part_5_1271853342.1589009701828
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: 7bitThis is for pop test!
------=_Part_5_1271853342.1589009701828--
.
RETR 4
+OK 6469 octets
Received: from TINY-DESKTOP (unknown [10.228.12.149])by www.example.com (Coremail) with SMTP id AQAAfwCngFa5lNFcYQAAAA--.16S2;Tue, 07 May 2019 22:22:50 +0800 (CST)
Date: Thu, 7 May 2020 14:22:46 +0800
From: test02 <test02@coremail.cn>
To: =?utf-8?Q?test01=40coremail.cn?= <test01@coremail.cn>
Message-ID: <305443E1-9258-4260-AA18-1A5CDFBD60EE@coremail.cn>
Subject: smtp test
X-Mailer: MailMasterPC/4.14.1.1004 (Windows 10 RS5)
X-CUSTOM-MAIL-MASTER-SENT-ID: 710FAD56-B1F1-48B7-B72F-543A5E51C5F2
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: base64
X-CM-TRANSID:AQAAfwCngFa5lNFcYQAAAA--.16S2
X-Coremail-Antispam: 1UD129KBjDUn29KB7ZKAUJUUUUU529EdanIXcx71UUUUU7v73VFW2AGmfu7bjvjm3AaLaJ3UjIYCTnIWjp_UUUol7kC6x804xWl14x267AKxVWUJVW8JwAFc2x0x2IEx4CE42xK8VAvwI8IcIk0rVWUJVWUGwAFIxvE14AKwVWUJVWUGwA2jI8I6cxK62vIxIIY0VWkZVCq3wA2ocxC64kIII0Yj41l84x0c7CEw4AK67xGY2AK021l84ACjcxK6xIIjxv20xvE14v26r1j6r1xM28EF7xvwVC0I7IYx2IY6xkF7I0E14v26r1j6r4UM28EF7xvwVC2z280aVAFwI0_Jr0_Gr1l84ACjcxK6I8E87Iv6xkF7I0E14v26r1j6r4UM2vYz4IE04k24VAvwVAKI4IrM2AIxVAIcxkEcVAq07x20xvEncxIr21l5I8CrVAqjxCE14ACF2xKxwAqx4xG6xAIxVCFxsxG0wAqx4xG6I80eVA0xI0YY7vIx2IE14AGzxvEb7x7Mc02F40Ex7xS62IqYxC26I8Yz20kMcIj6xIIjxv20xvE14v26r1j6r18McIj6I8E87Iv67AKxVWUJVW8JwAm72CE4IkC6x0Yz7v_Jr0_Gr1lF7xvr2IYc2Ij64vIr41lF7I21c0EjII2zVCS5cI20VAGYxC7M4xvF2IEb7IF0Fy264kE64k0F24lFcxC0VAqx4xG64AKrs4lw4CE7480Y4vE14AKx2xKxVC2ax8xMxAIw28IcxkI7VAKI48JMxC20s026xCaFVCjc4AY6r1j6r4UMI8I3I0E5I8CrVAFwI0_JrI_JrWlx2IqxVCjr7xvwVAFwI0_Jr0_Jr4lx4CE17CEb7AF67AKxVWUJVWUXwCIc40Y0x0EwIxGrwCI42IY6xIIjxv20xvE14v26r1j6r1xMIIF0xvE2Ix0cI8IcVCY1x0267AKxVWUJVW8JwCI42IY6xAIw20EY4v20xvaj40_Wr1j6rW3Jr1lIxAIcVC2z280aVAFwI0_Jr0_Gr1lIxAIcVC2z280aVCY1x0267AKxVWUJVW8JwCE64xvF2IEb7IF0Fy7YxBIdaVFxhVjvjDU0xZFpf9x0zEzBTiUUUUU=
X-CM-SenderInfo: hwhv3ims6f02phpdxzgofq/PGh0bWw+DQo8aGVhZD4NCiAgICA8bWV0YSBodHRwLWVxdWl2PSdDb250ZW50LVR5cGUnIGNvbnRl
bnQ9J3RleHQvaHRtbDsgY2hhcnNldD1VVEYtOCc+DQo8L2hlYWQ+DQo8Ym9keT4NCjxzdHlsZT4N
CiAgICBmb250ew0KICAgICAgICBsaW5lLWhlaWdodDogMS42Ow0KICAgIH0NCiAgICB1bCxvbHsN
CiAgICAgICAgcGFkZGluZy1sZWZ0OiAyMHB4Ow0KICAgICAgICBsaXN0LXN0eWxlLXBvc2l0aW9u
OiBpbnNpZGU7DQogICAgfQ0KPC9zdHlsZT4NCjxkaXYgc3R5bGUgPSAnZm9udC1mYW1pbHk65b6u
6L2v6ZuF6buRLFZlcmRhbmEsJnF1b3Q7TWljcm9zb2Z0IFlhaGVpJnF1b3Q7LFNpbVN1bixzYW5z
LXNlcmlmO2ZvbnQtc2l6ZToxNHB4OyBsaW5lLWhlaWdodDoxLjY7Jz4NCiAgICA8ZGl2ID48L2Rp
dj48ZGl2PgogICAgPGRpdj4KICAgICAgICA8c3Bhbj5zbXRwIHRlc3QKICAgICAgICA8L3NwYW4+
PC9kaXY+CiAgICA8ZGl2PgogICAgICAgIDxzcGFuPgogICAgICAgICAgICA8YnI+CiAgICAgICAg
PC9zcGFuPgogICAgPC9kaXY+CiAgICA8ZGl2IGlkPSJudGVzLXBjbWFjLXNpZ25hdHVyZSIgc3R5
bGU9ImZvbnQtZmFtaWx5Oiflvq7ova/pm4Xpu5EnIj4KICAgICAKICAgIDxkaXYgc3R5bGU9ImZv
bnQtc2l6ZToxNHB4OyBwYWRkaW5nOiAwOyAgbWFyZ2luOjA7bGluZS1oZWlnaHQ6MTRweDsiPgog
ICAgICAgIDxkaXYgc3R5bGU9InBhZGRpbmctYm90dG9tOjZweDttYXJnaW4tYm90dG9tOjEwcHg7
Ym9yZGVyLWJvdHRvbToxcHggc29saWQgI2U2ZTZlNjtkaXNwbGF5OmlubGluZS1ibG9jazsiPgog
ICAgICAgICAgICAgICAgICAgIDxhIGhyZWY9Imh0dHBzOi8vbWFhcy5tYWlsLjE2My5jb20vZGFz
aGktd2ViLWV4dGVuZC9odG1sL3Byb1NpZ25hdHVyZS5odG1sP2Z0bElkPTEmYW1wO25hbWU9dGVz
dDAyJmFtcDt1aWQ9dGVzdDAyJTQwY29yZW1haWwuY24mYW1wO2ljb25Vcmw9aHR0cHMlM0ElMkYl
MkZtYWlsLW9ubGluZS5ub3Nkbi4xMjcubmV0JTJGcWl5ZWxvZ28lMkZkZWZhdWx0QXZhdGFyLnBu
ZyZhbXA7aXRlbXM9JTVCJTIydGVzdDAyJTQwY29yZW1haWwuY24lMjIlNUQiIHN0eWxlPSJkaXNw
bGF5OmJsb2NrO2JhY2tncm91bmQ6I2ZmZjsgbWF4LXdpZHRoOiA0MDBweDsgX3dpZHRoOiA0MDBw
eDtwYWRkaW5nOjE1cHggMCAxMHB4IDA7dGV4dC1kZWNvcmF0aW9uOiBub25lOyBvdXRsaW5lOm5v
bmU7LXdlYmtpdC10YXAtaGlnaGxpZ2h0LWNvbG9yOnRyYW5zcGFyZW50Oy13ZWJraXQtdGV4dC1z
aXplLWFkanVzdDpub25lICFpbXBvcnRhbnQ7dGV4dC1zaXplLWFkanVzdDpub25lICFpbXBvcnRh
bnQ7Ij4KICAgICAgICAgICAgPHRhYmxlIGNlbGxwYWRkaW5nPSIwIiBzdHlsZT0id2lkdGg6IDEw
MCU7IG1heC13aWR0aDogMTAwJTsgdGFibGUtbGF5b3V0OiBmaXhlZDsgYm9yZGVyLWNvbGxhcHNl
OiBjb2xsYXBzZTtjb2xvcjogIzliOWVhMTtmb250LXNpemU6IDE0cHg7bGluZS1oZWlnaHQ6MS4z
Oy13ZWJraXQtdGV4dC1zaXplLWFkanVzdDpub25lICFpbXBvcnRhbnQ7dGV4dC1zaXplLWFkanVz
dDpub25lICFpbXBvcnRhbnQ7Ij4KICAgICAgICAgICAgICAgIDx0Ym9keSBzdHlsZT0iZm9udC1m
YW1pbHk6ICdQaW5nRmFuZyBTQycsICdIaXJhZ2lubyBTYW5zIEdCJywnV2VuUXVhbllpIE1pY3Jv
IEhlaScsICdNaWNyb3NvZnQgWWFoZWknLCAn5b6u6L2v6ZuF6buRJywgdmVyZGFuYSAhaW1wb3J0
YW50OyB3b3JkLXdyYXA6YnJlYWstd29yZDsgd29yZC1icmVhazpicmVhay1hbGw7LXdlYmtpdC10
ZXh0LXNpemUtYWRqdXN0Om5vbmUgIWltcG9ydGFudDt0ZXh0LXNpemUtYWRqdXN0Om5vbmUgIWlt
cG9ydGFudDsiPgogICAgICAgICAgICAgICAgICAgIDx0cj4KICAgICAgICAgICAgICAgICAgICAg
ICAgICAgIDx0ZCB3aWR0aD0iMzgiIHN0eWxlPSJwYWRkaW5nOjA7IGJveC1zaXppbmc6IGJvcmRl
ci1ib3g7IHdpZHRoOiAzOHB4OyI+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPGlt
ZyB3aWR0aD0iMzgiIGhlaWdodD0iMzgiIHN0eWxlPSJ2ZXJ0aWNhbC1hbGlnbjptaWRkbGU7IHdp
ZHRoOiAzOHB4OyBoZWlnaHQ6IDM4cHg7IGJvcmRlci1yYWRpdXM6NTAlOyIgc3JjPSJodHRwczov
L21haWwtb25saW5lLm5vc2RuLjEyNy5uZXQvcWl5ZWxvZ28vZGVmYXVsdEF2YXRhci5wbmciPgog
ICAgICAgICAgICAgICAgICAgICAgICAgICAgPC90ZD4KICAgICAgICAgICAgICAgICAgICAgICAg
ICAgIDx0ZCBzdHlsZT0icGFkZGluZzogMCAwIDAgMTBweDsgY29sb3I6ICMzMTM1M2I7Ij4KICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8ZGl2IHN0eWxlPSJmb250LXNpemU6IDE2cHg7
Zm9udC13ZWlnaHQ6Ym9sZDsgd2lkdGg6MTAwJTsgd2hpdGUtc3BhY2U6IG5vd3JhcDsgb3ZlcmZs
b3c6aGlkZGVuO3RleHQtb3ZlcmZsb3c6IGVsbGlwc2lzOyI+dGVzdDAyPC9kaXY+CiAgICAgICAg
ICAgICAgICAgICAgICAgICAgICA8L3RkPgogICAgICAgICAgICAgICAgICAgIDwvdHI+CiAgICAg
ICAgICAgICAgICAgICAgICAgIDx0ciB3aWR0aD0iMTAwJSIgc3R5bGU9ImZvbnQtc2l6ZTogMTRw
eCAhaW1wb3J0YW50OyB3aWR0aDogMTAwJTsiPgogICAgICAgICAgICAgICAgICAgICAgICAgICAg
PHRkIGNvbHNwYW49IjIiIHN0eWxlPSJwYWRkaW5nOjEwcHggMCAwIDA7IGZvbnQtc2l6ZToxNHB4
ICFpbXBvcnRhbnQ7IHdpZHRoOiAxMDAlOyI+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgIDxkaXYgc3R5bGU9IndpZHRoOiAxMDAlO2ZvbnQtc2l6ZTogMTRweCAhaW1wb3J0YW50
O3dvcmQtd3JhcDpicmVhay13b3JkO3dvcmQtYnJlYWs6YnJlYWstYWxsOyI+dGVzdDAyQGNvcmVt
YWlsLmNuPC9kaXY+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICA8L3RkPgogICAgICAgICAg
ICAgICAgICAgICAgICA8L3RyPgogICAgICAgICAgICAgICAgPC90Ym9keT4KICAgICAgICAgICAg
PC90YWJsZT4KICAgICAgICA8L2E+CiAgICAgICAgPC9kaXY+CiAgICA8L2Rpdj4KICAgIDxkaXYg
c3R5bGU9ImZvbnQtc2l6ZToxMnB4O2NvbG9yOiNiNWI5YmQ7bGluZS1oZWlnaHQ6MThweDsiPgog
ICAgICAgIDxzcGFuPuetvuWQjeeUsTwvc3Bhbj4KICAgICAgICA8YSBzdHlsZT0idGV4dC1kZWNv
cmF0aW9uOiBub25lO2NvbG9yOiM0MTk2ZmY7cGFkZGluZzowIDVweDsiIGhyZWY9Imh0dHBzOi8v
bWFpbC4xNjMuY29tL2Rhc2hpL2RscHJvLmh0bWw/ZnJvbT1tYWlsODEiPue9keaYk+mCrueuseWk
p+W4iDwvYT4KICAgICAgICA8c3Bhbj7lrprliLY8L3NwYW4+CiAgICA8L2Rpdj4KIDwvZGl2Pgo8
L2Rpdj48IS0t8J+YgC0tPg0KPC9kaXY+DQo8L2JvZHk+DQo8L2h0bWw+
.

发送NOOP命令并无实际作用,主要是用于和服务器保持数据连接不要中断。

NOOP
+OK core mail

我们还可以使用DELE命令来删除指定的邮件,删除后使用LIST查看效果:

DELE 4
+OK core mail
LIST
+OK 5 19099
1 7959
2 1199
3 6445
5 2297
6 1199
.

还可以使用RSET命令来进行撤销删除的操作并且使用LIST命令查看效果

RSET
+OK core mail
LIST
+OK 6 25568
1 7959
2 1199
3 6445
4 6469
5 2297
6 1199
.

最后使用QUIT命令断开连接退出系统:

QUIT
+OK core mail
Connection closed by foreign host.

Wireshark对pop3抓包分析相关推荐

  1. 转 Wireshark和TcpDump抓包分析心得

    1. Wireshark与tcpdump介绍 Wireshark是一个网络协议检测工具,支持Windows平台和Unix平台,我一般只在Windows平台下使用Wireshark,如果是Linux的话 ...

  2. Wireshark对IMAP抓包分析

    本文主要使用Wireshark对邮件客户端使用IMAP协议接收邮件的过程进行抓包分析并使用telnet命令进行简单操作. 1.IMAP简介 IMAP和POP3两个协议基本上是目前支持和使用最广泛的邮件 ...

  3. Wireshark对SMTP抓包分析

    本文主要使用Wireshark对邮件客户端使用SMTP协议发送邮件的过程进行抓包分析并使用telnet命令进行简单操作. 1.SMTP简介 简单邮件传输协议(英语:Simple Mail Transf ...

  4. Wireshark和 TcpDump抓包分析心得

    1. Wireshark与tcpdump介绍 Wireshark是一个网络协议检测工具,支持Windows平台和Unix平台,我一般只在Windows平台下使用Wireshark,如果是Linux的话 ...

  5. Wireshark和TcpDump抓包分析心得

    为什么80%的码农都做不了架构师?>>>    ‍ 1. Wireshark与tcpdump介绍 ?Wireshark是一个网络协议检测工具,支持Windows平台和Unix平台,我 ...

  6. smtp java 抓包_[Wireshark]_003_电子邮件抓包分析

    电子邮件是我们的生活工作中经常使用的一种服务,用来联系世界各地的朋友,客户.下面我们就用Wireshark对电子邮件进行抓包. 准备工作: 邮件客户端一款(Outlook,Foxmail,KooMai ...

  7. 【愚公系列】2022年02月 wireshark系列-数据抓包分析之DNS协议

    文章目录 一.题目一 二.题目二 一.题目一 根据实验环境,本实验的步骤如下: 1.测试环境中获取DNS数据包. 2.分析DNS数据包. 任务描述:获取两种类型的DNS数据包 (1)通过浏览器访问域名 ...

  8. 【愚公系列】2023年04月 wireshark系列-数据抓包分析之ARP协议

    文章目录 前言 一.使用Netsh和ARP命令来绑定IP和MAC地址 二.使用Wireshark抓取ARP数据包 前言 ARP协议属于TCP/IP协议族中的底层协议,与常见的应用层协议不同,其了解程度 ...

  9. 【愚公系列】2022年02月 wireshark系列-数据抓包分析之IP协议

    文章目录 一.题目一 二.题目二 一.题目一 任务描述:使用Wireshark抓取IP数据包以及IP分片数据包 1.使用Wireshark抓取IP数据包 启动Wireshark,Filter选择IP协 ...

最新文章

  1. 通过改进团队流程最大限度发挥Scrum的优势
  2. 大凉山的美术课,怎么就跟英特尔扯上关系了
  3. 计算机组成原理 — 数字集成电路(芯片)
  4. mysql不支持addbatch_【MySql】Java 批量插入数据库addBatch
  5. 最常用的6种原型文件格式对比
  6. 深入信号和槽(Signals and Slots in Depth)
  7. 搭建 ELK 集群 kafka filebeat kibana logstash zookeeper elasticsearch
  8. 经纬度绘图_用编程赋能工作系列——百度VS高德经纬度互转
  9. OpenGL ES 加载3D模型
  10. 机器学习基础-线性代数学习
  11. 一行代码打印python之禅
  12. 基于canny的边缘检测算法:
  13. 神经网络反向传播算法及代码实现
  14. word文档图标变成白纸_word文档图标显示异常怎么办
  15. 麒麟v10服务器系统搭建本地源
  16. 工作这些年 (zz)
  17. 读取网络时间完整代码
  18. 自动驾驶汽车如何有助于可持续移动规划?
  19. 中消协:多款邮箱、通讯、金融理财APP过度收集个人信息!
  20. 互联网晚报 | 05月11日 星期三 | 贝壳找房启动新一轮裁员;苹果宣布停产iPod touch;朴新教育否认“宣布破产”...

热门文章

  1. Google地图开发初级篇
  2. 机械祭天法力无边:练习3.5:编写一段程序从标准输入中读入多个字符串并将它们连接在一起,输出连接成的大字符串。然后修改上述程序,用空格把输入的多个字符串分隔开来。
  3. “当当收店庆费一事”之我见
  4. 建群网培PMP每日一练2020-08-13
  5. 五线谱编辑Demo(MFC)
  6. SAP HANA Temporal Table (历史表)
  7. word毕设论文制作——封面(一)
  8. office文档***
  9. “清洁地球日”看AI与碳中和:百度OCR成无纸化办公利器
  10. faceapp一直显示选择服务器,faceapp提示choosing a serve_faceapp提示choosing a serve解决办法_玩游戏网...