DOC PREVIEW
OSU BA 479 - BA479 – Lab 3: POP3 Email and Packet Sniffing

This preview shows page 1-2 out of 5 pages.

Save
View full document
View full document
Premium Document
Do you want full access? Go Premium and unlock all 5 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 5 pages.
Access to all documents
Download any document
Ad free experience
Premium Document
Do you want full access? Go Premium and unlock all 5 pages.
Access to all documents
Download any document
Ad free experience

Unformatted text preview:

BA479 – Lab 3: POP3 Email and Packet SniffingPossible Points: 25 - Estimated Time: 50 minutesIntroductionLast week’s lab barely scraped the surface of Domain Name Servers. If you want more information about how these work, howstuffworks.com has a good description at http://www.howstuffworks.com/dns.htm/printable.This week you will be jumping straight into packet capture, but first you need to set up a messaging server of some sort to provide interesting data. For this lab you will set up a mail server that uses the POP3 protocol, a rather outdated (but simple) email server. You could alternatively capture instant messenger traffic, or user logins toan unsecured website, but because instant messaging is not allowed by COB policy, you will use POP3.DISCLAIMER: The use of Ethereal on campus networks is strictly forbidden. This exercise is being done on a ‘stand-alone’ network and is meant for educational purposes only.Procedure1. POP3 Email ServerThe first step is to configure your virtual server to act as a mail server. It has already been configured as a Domain Controller (as in Lab 2), and your virtual clients have joined the domain. To begin, create two users with Active Directory as you did in Lab 2. Once you have your users squared away, begin setting up your email server.Step 1.) Click Start, All Programs, Administrative Tools, Configure Your Server Wizard.2.) Click Next twice, and select Mail Server (POP3, SMTP) to install the mail server component. Click Next.3.) Ensure that the Authentication Method field is set to Active Directory – Integrated. In the Email Domain Name field, type ba479.com. Click Next. Question (2 pts): What does setting Active Directory-Integrated passwords infer?14.) Click Next, and wait while POP3 mail server is installed and configured. Click Finish once this is done.5.) Now to add user mailboxes, click Start, All Programs, Administrator Tools, POP3 Service.6.) After the POP3 Service Manager opens, click the + next to your server name. Right-click on the domain, and select New,Mailbox.7.) Name the mailbox with the user name of one of your users. Since you created your users at the beginning, make sure that create associated user for this mailbox is left unchecked.8.) The mailbox for that user is set up. Complete steps 5-7 againfor your second user.2. Configure Email Client9.) On your client virtual machines, open up Outlook Express, click Tools, Accounts…10.) Click Add, Mail. Type in the user’s full name and click Next.11.) For email address, type <username>@ba479.com. Click Next.12.) For both the incoming and outgoing mail servers, input <servername>.ba479.com.13.) Make sure that the user name is correct for the account name. Input the user password you defined when creating the user account. Leave Secure Password Authentication (SPA) unchecked. Click Next, then Finish. 14.) To test your setup, try sending an email to yourself. Did you receive it?15.) Repeat this section on the other computer to add the other user mail account.3. Packet Sniffing with EtherealFor the remainder of today’s lab, you will be using Ethereal to capture packets sent on your network. Open the Ethereal program on your client virtual machine. Click on the Capture 2Options button, and make sure that the following selections aremade:-Under Interface, VMWare Accelerated AMD PCNet adapter is selected-Capture Packets in Promiscuous Mode is checkedQuestion (2pts): What does “capture packets in promiscuous mode” mean?Now click Start. A new window will pop up displaying counts ofvarious types of packets received.Go back to Outlook Express, and write and send an email to your lab partner’s account. Make sure that he or she receives the email before switching back to Ethereal and clicking Stop. Take a look at the packets you intercepted. What kinds of packets are there?Question (2 pts): Identify the Data Link Layer information in the POP3 “Hello” packet.Question (2 pts): Identify the IP Layer information in the POP3 server’s reply to the “Hello” packet.Scroll down a little further in the packet capture. Find the pointwhere your lab partner contacts the POP3 server and downloadshis or her email. What stands out to you here?Question (2 pts): Using Ethereal, can you determine your lab partner’s email Password? If so, what is it?Question (2 pt): Is a password required to send email?3Now, create a third dummy mail account. Use Ethereal to capture packets while your lab partner (or the TA) sends a secret message to this dummy account.Question (3 pts): What was the message?Now you should be familiar with basic operation of Ethereal. This tool can be used in both beneficial and harmful ways. IT professionals use Ethereal or similar tools to look for suspicious traffic that may indicate intrusions or network problems. Alternatively, nefarious users can use Ethereal to capture passwords and gain access to restricted systems. Use of encrypted communication is a very important factor in preventing such security intrusions.Please note that it is against OSU policy to use Ethereal on the public networks. If you have a wireless laptop, please resist the temptation to sniff out packets on campus. 4Post-Lab Questions (to be completed separately):1. True/False (1 pt): Ethereal can tell you about information in all layers of an unencrypted packet.2. True/False (1 pt): SMTP communicates on TCP port 25. Hint:use Ethereal to verify this.3. Short Answer (2 pts): Would this lab be possible if a Switch were used instead of a Hub? Why or why not?4. Short Answer (2 pts): Why is it potentially dangerous to conduct sensitive business on an unsecured wireless connection?5. Short Answer (2 pts): What is SSL? Why is it important?6. Short Answer (2 pts): List three protocols that send messagesin plaintext and two protocols that send only encrypted


View Full Document
Download BA479 – Lab 3: POP3 Email and Packet Sniffing
Our administrator received your request to download this document. We will send you the file to your email shortly.
Loading Unlocking...
Login

Join to view BA479 – Lab 3: POP3 Email and Packet Sniffing and access 3M+ class-specific study document.

or
We will never post anything without your permission.
Don't have an account?
Sign Up

Join to view BA479 – Lab 3: POP3 Email and Packet Sniffing 2 2 and access 3M+ class-specific study document.

or

By creating an account you agree to our Privacy Policy and Terms Of Use

Already a member?