Lab 5: SMTP & FTP Protocols Implementation

Back to Labs

Lab Objective

This lab focuses on implementing and analyzing SMTP (Simple Mail Transfer Protocol) and FTP (File Transfer Protocol) in Cisco Packet Tracer, along with network traffic analysis using Wireshark for various protocols including HTTP/HTTPS, DNS, TCP, and UDP.

Protocol Overview

SMTP - Simple Mail Transfer Protocol

  • Purpose: Electronic mail transmission
  • Port: 25 (server-to-server), 587 (client-to-server)
  • Transport: TCP
  • Features: Text-based protocol, uses commands like HELO, MAIL FROM, RCPT TO, DATA

FTP - File Transfer Protocol

  • Purpose: File transfer between client and server
  • Port: 21 (control), 20 (data - active mode)
  • Transport: TCP
  • Modes: Active and Passive mode

1. SMTP Implementation

Introduction to SMTP

Simple Mail Transfer Protocol (SMTP) is an Internet standard for electronic mail (email) transmission. First defined by RFC 821 in 1982, it was last updated in 2008 with Extended SMTP additions by RFC 5321. 


# SMTP Key Points:
- Mail servers use port 25 for communication
- Clients typically use port 587 for submission
- Uses TCP for reliable delivery
- Works with POP3/IMAP for receiving emails
- Commands: HELO, MAIL FROM, RCPT TO, DATA, QUIT

SMTP Implementation Steps

Topology Setup and Configuration:

Configure and Verify Email Services:

  • Click on Mail server
  • Go to Services → Email Services
  • Enable SMTP & POP3 Service
  • Set Domain name (e.g., fast.com)
  • Add users with credentials:
Username Password
cs 123
bba 123

2. FTP Implementation

Introduction to FTP

The File Transfer Protocol (FTP) is a standard network protocol used to transfer computer files between a client and server on a computer network. FTP uses separate control and data connections. 


# FTP Key Points:
- Control connection: Port 21
- Data connection: Port 20 (active mode)
- Uses TCP for reliability
- Supports active and passive modes
- Commands: USER, PASS, LIST, RETR, STOR, QUIT

FTP Implementation Steps

Topology Setup and Configuration:

Let's implement FTP Service on the same topology as above.

Essential Wireshark Display Filters

http
Show HTTP requests and responses
dns
Show DNS queries and responses
tcp.port == 80
Filter HTTP traffic on port 80
tcp.port == 443
Filter HTTPS traffic on port 443
udp.port == 53
Filter DNS traffic on port 53
ip.src == x.x.x.x
Filter packets from specific source IP
ip.dst == x.x.x.x
Filter packets to specific destination IP
ip.addr == x.x.x.x
Filter packets to/from specific IP
arp
Show ARP requests and responses
icmp
Show ICMP packets (ping, traceroute)
tcp.flags.syn == 1
Show TCP SYN packets (connection initiation)
tcp.flags.fin == 1
Show TCP FIN packets (connection termination)
tcp.stream eq 1
Show specific TCP stream number
http.response.code == 200
Show HTTP 200 OK responses
http.response.code == 404
Show HTTP 404 Not Found responses
http.request.method == "GET"
Show HTTP GET requests only
http.request.method == "POST"
Show HTTP POST requests only
tls || ssl
Show TLS/SSL encrypted traffic

HTTP GET/Response Interaction


# Wireshark HTTP Analysis Steps:
1. Start Wireshark capture
2. Enter "http" in display filter
3. Browse to: http://gaia.cs.umass.edu/wireshark-labs/HTTP-wireshark-file1.html
4. Stop capture and analyze GET/response messages

DNS Traffic Analysis


# DNS Analysis with nslookup and Wireshark:
1. Clear DNS cache: ipconfig /flushdns
2. Start Wireshark capture
3. Run: nslookup www.mit.edu
4. Analyze DNS query/response packets
5. Note: DNS uses UDP port 53

4. Lab Questions & Exercises

SMTP Questions:

1. What ports does SMTP use for server-to-server and client-to-server communication?
2. Explain the purpose of POP3 in email systems.
3. What are the main SMTP commands and their functions?

FTP Questions:

1. Differentiate between FTP active and passive modes.
2. Why does FTP use separate control and data connections?
3. What security concerns exist with standard FTP?

5. Lab Resources

Lab 5 Task PDF

Download PDF