Sniffer different network protocols

Get the latest on wired & wireless, talk network setups, get help with connectivity problems, web hosts, etc.
Post Reply
Posts: 18
Joined: Wed Aug 17, 2011 1:42 pm

Sniffer different network protocols

Post by CaptainCheeseTits » Sun Sep 04, 2011 6:33 pm

I've been reading up on email protocols to figure out how they work so I decided to see what shows up in wireshark when I use thunderbird to receive emails but the only protocols that showed up were DNS, TCP, TLSv1 and HTTP in that order. No POP or IMAP? I saw that Thunderbird sent a DNS request to gmails IMAP server or at least the URL Is that just a DNS server located at Anyhow why are there no email protocols showing up? I really want to gain a somewhat decent understanding of TCP/IP but it confuses the hell out of me sometimes. I learn best by doing what I'm learning about, can anyone recommend an activity (i.e. programming something or monitoring different activities with wireshark) that gives insight into how TCP/IP works? I read a tutorial on HTTP a while ago and found out how to make the HTTP requests with telnet which was pretty cool. Can I communicate with all application layer protocol servers like this? For example can I use telnet to tell my DHCP server to assign me a 2nd IP?

User avatar
Not a sandwich
Posts: 1881
Joined: Fri May 09, 2003 1:20 pm
Location: 41 6d 73 74 65 72 64 61 6d

Re: Sniffer different network protocols

Post by Cool_Fire » Mon Sep 05, 2011 11:52 am

It's not showing up as IMAP because it's a secured connection. It shows up as TLSv1, in this case. Since that traffic is encrypted, wireshark can not see what the encrypted traffic really is, so it just tells you "Some traffic, TLSv1 encrypted."

As for using telnet to do different stuff, well it depends.
Some protocols are human readable, like HTTP and SMTP. Others are partially human readable, like FTP.
Others are pretty much lost to telnet, like MySQL or any SSL encrypted connection.
As for the specific example of DHCP: I'm not sure. I think it's not a text based protocol.

If you want to be sure about any protocol, you can read the RFC (the protocol specification, if you will.)
Here's the RFC for DHCP:
If we're breaking the rules, then how come you can't catch us? You can't find us? I know why. Cause, it's ... MAGIC!
Hackerthreads chat, where the party is going 24/7.

Post Reply