how to get e-mail address in smtp header on tcp packet

  • praveenjohri
    Message 1 of 11 , May 7, 2002

      hi,

      i am stuck with a problem: how to find an e-mail address in a tcp packet.

      i am making a packet tapping device which has a function to tap the tcp connection
      or the packets containing a particular e-mail address supplied by the user.

      my problem is i don't know how smtp is carried on tcp and where the e-mail address
      lies in the packet.

      is it so that the e-mail address is always at a particular offset in the packet?
      in that case searching will be easier.

      is it possible that if i capture all packets coming/going from tcp port 23
      and search for a particular string in the tcp data to get the address......but if it is
      possible then it will also be a time consuming process, consuming my cpu and
      obstructing the packet capturing engine from doing its work, and will also be consuming a large amount of memory.

      hey guys show me our intelligence and give me some good information and suggestion

      right now i am trying to read the rfc 821 and 822 to get some info......

      its urgent man!!!!!! help me

      with regards

      praveen johri

       


    • Gilad Ben-Yossef
      Message 2 of 11 , May 7, 2002
        On Tue, 2002-05-07 at 14:19, praveenjohri wrote:


        > hey guys show me our intelligence and give me some good information and suggestion

        "*our* intelligence"? indeed...

        > right now i am trying to read the rfc 821 and 822 to get some info......
        > its urgent man!!!!!! help me

        Since you have so little respect for our time and effort that you ask
        for help BEFORE reading the RFCs pertaining to the subject, combined
        with the fact that the question itself illustrates that this mental
        sloppiness is a repeating offense and not a one time glitch, then the
        best advice I can possibly provide you with is...


        [ASCII-art banner in large letters]



        I hope the letters were big and the message clear enough so that even
        someone with such an acute phobia from mental work as yourself would
        understand.

        Cheers,
        Gilad.

        --
        Gilad Ben-Yossef <gilad@...>
        Code mangler, senior coffee drinker and VP SIGSEGV
        Qlusters ltd.

        "To err is human. To really fsck up you need a computer. For
        those really large scale disasters, an SSI cluster is a must."
      • Tzafrir Cohen
        Message 3 of 11 , May 7, 2002
          hint: Worng list

          [It seems that clarification messages in private mail did not do the job]

          --
          Tzafrir Cohen
          mailto:tzafrir@...
          http://www.technion.ac.il/~tzafrir
        • Arik Baratz
          Message 4 of 11 , May 7, 2002
             
            This is slightly off-topic, but I'll answer it anyways.
             
            First of all, some inaccuracies that you have:
             
            1. The standard SMTP port is 25, not 23
            2. The SMTP RFC number is 821. You shouldn't care much for RFC822, it makes sense if you want to examine the message itself, but you are interested in the envelope.
             
            Now, since the address is not at a fixed offset, and not necessarily in the first packet, and may be fragmented over packets, you need to do a full tcp reassembly on the packets you listen to. You can do it yourself, but then you have to learn a lot of TCP (RFC 793 IIRC). There is a library that can do it for you, it's called "libndis" IIRC.
             
            Once you have assembled the incoming TCP stream (the one whose destination port is 25), it's fairly easy to search for the commands that contain the address, namely the MAIL command and the RCPT command, for sender and recipient(s), respectively. Go to RFC821 for more details. There's another RFC for the ESMTP protocol, but it's mostly irrelevant if you're only interested in the senders / recipients.
             
            I sure hope you're not going to use your program for spamming. I guess that if you're a spammer it wouldn't stop you if I didn't help, but if you are, remember that it is illegal in most countries today. It is also pretty easy to find out where spam came from. An internet provider recently won a large lawsuit against a company that used his internet connection for spamming.
             
            Take care!
             
            -- Arik
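The approach described in message 4, as an added example that is not part of the original thread: an incremental parser for the client-to-server SMTP byte stream that pulls the envelope addresses out of MAIL and RCPT commands even when a command is split across TCP segments, and that ignores look-alike text inside the message body. It assumes a TCP reassembly layer (such as libnids, mentioned in the thread) delivers the bytes in order; the `smtp_tap_*` names and the sample session are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>
#define MAX_LINE 512
#define MAX_RCPT 8
struct smtp_tap {
    char line[MAX_LINE];      /* partial line carried across segments */
    size_t len;
    int overflow, in_data;    /* oversized line; inside the message body */
    char sender[256], rcpt[MAX_RCPT][256];
    int nrcpt;
};
/* Copy the path that follows "FROM:" or "TO:", without angle brackets. */
static void copy_path(const char *p, char *out, size_t outsz) {
    while (*p == ' ' || *p == '<') p++;
    size_t n = strcspn(p, "> ");   /* stops before any ESMTP parameters */
    if (n >= outsz) n = outsz - 1;
    memcpy(out, p, n);
    out[n] = '\0';
}
static void handle_line(struct smtp_tap *t) {
    const char *l = t->line;
    if (t->in_data) {         /* body text: only watch for the lone "." */
        t->in_data = strcmp(l, ".") != 0;
    } else if (strncasecmp(l, "MAIL FROM:", 10) == 0) {
        t->nrcpt = 0;         /* a new mail transaction starts */
        copy_path(l + 10, t->sender, sizeof t->sender);
    } else if (strncasecmp(l, "RCPT TO:", 8) == 0 && t->nrcpt < MAX_RCPT) {
        copy_path(l + 8, t->rcpt[t->nrcpt++], sizeof t->rcpt[0]);
    } else if (strcasecmp(l, "DATA") == 0) {
        t->in_data = 1;
    }
}

/* Feed one in-order chunk of the reassembled client-to-server stream. */
void smtp_tap_feed(struct smtp_tap *t, const char *buf, size_t n) {
    for (size_t i = 0; i < n; i++) {
        if (buf[i] == '\n') {
            if (t->len && t->line[t->len - 1] == '\r') t->len--;
            t->line[t->len] = '\0';
            if (!t->overflow) handle_line(t);
            t->len = 0; t->overflow = 0;
        } else if (t->len < MAX_LINE - 1) t->line[t->len++] = buf[i];
        else t->overflow = 1; /* drop the rest of an oversized line */
    }
}

/* 1 if addr is the envelope sender or a recipient of the transaction. */
int smtp_tap_matches(const struct smtp_tap *t, const char *addr) {
    if (strcasecmp(t->sender, addr) == 0) return 1;
    for (int i = 0; i < t->nrcpt; i++)
        if (strcasecmp(t->rcpt[i], addr) == 0) return 1;
    return 0;
}

/* Constructed sample: one session cut at arbitrary segment boundaries. */
const struct smtp_tap *run_constructed_capture(void) {
    static struct smtp_tap t;
    static const char *seg[] = { "HELO client.example\r\nMAIL FR",
        "OM:<alice@example.com>\r\nrcpt to:<bob@exam",
        "ple.org>\r\nDATA\r\nRCPT TO:<decoy@example.net>\r\n.\r", "\nQUIT\r\n" };
    memset(&t, 0, sizeof t);
    for (size_t i = 0; i < sizeof seg / sizeof seg[0]; i++)
        smtp_tap_feed(&t, seg[i], strlen(seg[i]));
    return &t;
}
int main(void) {
    const struct smtp_tap *t = run_constructed_capture();
    return printf("from=%s rcpt=%s\n", t->sender, t->rcpt[0]) < 0;
}
```

If the client negotiates STARTTLS, everything after it is encrypted and a passive tap sees no envelope commands. The ESMTP BDAT command is not handled here.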
          • praveenjohri
            Message 5 of 11 , May 11, 2002

              hi,

              can anybody just tell me whether libnids can take input for tcp reassembly from
              a user defined socket fd, i.e. my lsf socket?

              since i am capturing all packets arising - tcp with src/dst port 25 - and i want to make
              out from these packets whether they contain the required email address or not,
              but for this i want reassembly to be done on those packets provided on my socket,
              and if many streams have to be built to track the connections then also for every stream the input of packets should be from my socket only. otherwise, if libnids tries
              its own ways then what is the use of making my own filter? its all in vain.....

              with regards

              praveen johri


            • Tzafrir Cohen
              Message 6 of 11 , May 11, 2002
                On Sat, 11 May 2002, praveenjohri [a.k.a.
                spookyduck@yahoogroups.com, according to the headers] wrote:

                > can anybody just tell me whether libnids can take input for tcp
                > reassembly from a user defined socket fd, i.e. my lsf socket?

                [snip]

                whoever wrote this mail message:

                either this is serious, and this means to simply don't follow this list,
                and thus are simply clueless and do pay any respect to this list's
                members:

                There are better places to look for help. this list is not one of them.
                Not now, certainly.


                Or this is yet another faked help request, and in this case:

                It is not funny anymore


                Chen, OmerM: it seems that polite requests and flames were not enough. I
                figure that next thing to do is banning, right?

                Everybody else: please avoid MeToo-s, clever comments and flames. Let's
                keep a decent signal/noise ratio. Those threads have been enough (at least
                for me)

                Thanks

                --
                Tzafrir Cohen
                mailto:tzafrir@...
                http://www.technion.ac.il/~tzafrir
              • Nadav Har'El
                Message 7 of 11 , May 11, 2002
                  On Sat, May 11, 2002, praveenjohri wrote about "Re: RE: [hackers-il] how to get e-mail address in smtp header on tcp packet":
                  > can anybody just tell me whether libnids can take input for tcp reassembly from

                  Yes, Mr. Johri, many people can tell you that, but not on this list! As we
                  tried to explain time and again, this list IS NOT about solving people's
                  programming questions, and when we rarely do discuss specific programming
                  issues, it's about broader and interesting issues, not problems you are
                  facing in your work.
                  If you want to ask questions such as these, you should try Linux-specific
                  lists, such as (if you want an Israeli list) linux-il (use google to find
                  it).

                  Who has reached rock bottom and shows signs of starting to dig?
                  Which of you got into the gene pool while the lifeguard wasn't watching?
                  Whose brain is in mint condition, because it's never been used?
                  Which of you is as sharp as a marble?
                  Which one of you pirates is about to walk the plank?

                  You ARE the Weakest Link... Goodbye!


                  P.S. Don't take the Weakest Link quotes above personally (or seriously).
                  I'm just having fun ;) See http://www.bbc.co.uk/weakestlink/ for more info.


                  --
                  Nadav Har'El | Saturday, May 11 2002, 1 Sivan 5762
                  nyh@... |-----------------------------------------
                  Phone: +972-53-245868, ICQ 13349191 |Willpower: The ability to eat only one
                  http://nadav.harel.org.il |salted peanut.
                • Arik Baratz
                  Message 8 of 11 , May 12, 2002
                     
                    Hello Johri
                     
                    This is your third question to the list.
                     
                    From your questions, you clearly have not bothered to read the documentation that comes with libnids (I know, because I have, and I know it answers your questions in full).
                     
                    I think I speak for the rest of us when I say that we wish to help only those who help themselves, and therefore will not answer any of your questions anymore.
                     
                    Please don't be offended but take it as a hint: Go do the research before you ask stupid questions.
                     
                    Regards,
                     
                    -- Arik
                  • Dan Nanciu
                    Message 9 of 11 , May 13, 2002
                      I need a Linux system.

                    • Arik Baratz
                      Message 10 of 11 , May 13, 2002
                        1. Buy hardware
                        2. Download and/or burn CDs
                        3. Install Linux

                        This is not the best group to be hanging around asking these questions. I suggest you look for a beginners group regarding Linux. Search yahoo groups - you're bound to find one.

                        -- Arik

                      • Nadav Har'El
                        Message 11 of 11 , May 13, 2002
                          On Mon, May 13, 2002, Dan Nanciu wrote about "[hackers-il] Help me":
                          >
                          > I need a Linux system.

                          Do we now have a "May Fool's Month", modeled after "April Fool's Day", but
                          much longer and even more annoying?

                          Why is everybody on this list suddenly asking stupid and irrelevant questions?
                          In this case, it wasn't even a question! How is anybody supposed to answer
                          or discuss such a statement?? (this is not a rhetorical question, I would
                          appreciate an answer)

                          muad_dib23us@... (Dan, if that's your real name. The only thing I can
                          verify is that you sent your message via some obscure Romanian ISP,
                          supposedly part of KPNQwest), what did you try to achieve with this message?
                          You have been a subscriber of this list for almost a year now. Does your
                          "I need a Linux system" plea strike you as even remotely relevant to our
                          discussions in the last year? Did you really think that people would
                          understand what it was exactly that you wanted to ask?


                          Who is failing to meet the low standards they set themselves?
                          Which of you is depriving a village somewhere of an idiot?
                          Who is more the missing link than the weakest link?
                          You ARE the Weakest Link... Goodbye!

                          --
                          Nadav Har'El | Monday, May 13 2002, 3 Sivan 5762
                          nyh@... |-----------------------------------------
                          Phone: +972-53-245868, ICQ 13349191 |If you lost your left arm, your right arm
                          http://nadav.harel.org.il |would be left.