Thursday, February 17, 2011

Tracing Emails:

While sending or receiving an email, our browser uses two protocols:
SMTP (Simple Mail Transfer Protocol), port 25
POP (Post Office Protocol), port 110

Whenever you click the send button in your browser to send a mail, the mail
first reaches the source mail server; from there it goes to the interim mail
servers, from there it moves to the destination mail server, and at last it
lands in the destination inbox.
So as you can see it is not a complicated process, and it can be described by
the following diagram:

Sender Outbox-----> Source Mail Server-----> Interim Mail Servers----->
Destination Mail Server------> Destination Inbox.
Emails do not travel alone: each one carries an email header with it.
This email header reveals the path taken by the email to reach its
destination.

Tracing Time:
Here I will take a real-life example of an email that was sent to me.
The email header is:

From John Fri Jun 25 20:36:53 2010
X-Apparently-To: divya_football@yahoo.co.in via 203.104.17.163; Fri, 25 Jun 2010 20:36:53 +0530
Return-Path: <dt_biz@terenciri.com>
X-YahooFilteredBulk: 209.124.87.14
X-Originating-IP: [209.124.87.14]
Received: from 209.124.87.14  (HELO org.pickepair.com) (209.124.87.14)
  by mta189.mail.in.yahoo.com with SMTP; Fri, 25 Jun 2010 20:36:53 +0530
From: John <DT_Biz@terenciri.com>
Subject:Stop paying for CDs.
Date: Fri, 25 Jun 2010 11:06:53 EDT
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="MIMEStream=_0+211404_90873633350646_4032088448"

Before tracing, the first thing to do is to divide the header into groups of
3-4 lines; then I will explain each line to you.
So let's begin:

Date: Fri, 25 Jun 2010 11:06:53 EDT
From: John <DT_Biz@terenciri.com>
Subject:Stop paying for CDs.

Date: Fri, 25 Jun 2010 11:06:53 EDT
This line tells us the date on which the mail was sent to me.

From: John <DT_Biz@terenciri.com>
This line tells me the email address of the person who sent the mail.
This line tells us to whom the mail was sent; in this case it is my email.

Subject:Stop paying for CDs.
This line tells us the subject of the message.

X-Apparently-To: divya_football@yahoo.co.in via 203.104.17.163; Fri, 25 Jun 2010 20:36:53 +0530
Return-Path: <dt_biz@terenciri.com>
X-YahooFilteredBulk: 209.124.87.14

X-Apparently-To: divya_football@yahoo.co.in via 203.104.17.163; Fri, 25 Jun 2010 20:36:53 +0530
This line tells me that the message was sent to my email via 203.104.17.163
on Friday, 25th June 2010.

Return-Path: <dt_biz@terenciri.com>
Again, this line tells me the email address of the person who sent me this mail.

X-YahooFilteredBulk: 209.124.87.14
This line tells me that the message was filtered by 209.124.87.14.

X-Originating-IP: [209.124.87.14]
This line tells me the IP address of the person who sent me this email.

Received: from 209.124.87.14  (HELO org.pickepair.com) (209.124.87.14)
  by mta189.mail.in.yahoo.com with SMTP; Fri, 25 Jun 2010 20:36:53 +0530
Again, this line tells us the IP address of the person who sent this mail,
and it contains some SMTP commands which you will learn about in the next lesson.
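As an added example that is not part of the original post, the following Python script reads the Received and X-Originating-IP lines the way the text above does: it lists the Received hops in delivery order, and cross-checks the first-hop IP against X-Originating-IP and the HELO name against the From: domain. It goes slightly beyond the post by handling both the Yahoo "(HELO name) (ip)" form shown here and the more common "(name [ip])" form; the function names are my own.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# The relevant lines of the header from the post above, used as sample input.
SAMPLE_HEADER = """\
Return-Path: <dt_biz@terenciri.com>
X-Originating-IP: [209.124.87.14]
Received: from 209.124.87.14  (HELO org.pickepair.com) (209.124.87.14)
  by mta189.mail.in.yahoo.com with SMTP; Fri, 25 Jun 2010 20:36:53 +0530
From: John <DT_Biz@terenciri.com>
"""

# "from <host> <info> by <host>": <info> holds "(HELO x) (ip)" or "(x [ip])".
RECEIVED_RE = re.compile(r"from\s+(?P<from>\S+)(?P<info>.*?)\s+by\s+(?P<by>[^\s;]+)", re.I)
HELO_RE = re.compile(r"\(HELO\s+([^)\s]+)\)", re.I)
IPV4_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")


def parse_hops(raw_header):
    """Received hops in delivery order (earliest first): each relay prepends
    its own line, so the header lists the newest hop first."""
    hops = []
    for value in message_from_string(raw_header).get_all("Received", []):
        flat = " ".join(value.split())  # unfold continuation lines
        m = RECEIVED_RE.search(flat)
        if not m:
            continue  # unparseable hop: skip it rather than guess
        helo = HELO_RE.search(m["info"])
        ip = IPV4_RE.search(m["info"]) or IPV4_RE.fullmatch(m["from"])
        hops.append({"from": m["from"], "by": m["by"],
                     "helo": helo.group(1) if helo else None,
                     "ip": ip.group(1) if ip else None})
    return hops[::-1]


def origin_report(raw_header):
    msg = message_from_string(raw_header)
    hops = parse_hops(raw_header)
    first = hops[0] if hops else {}
    x_orig = (msg.get("X-Originating-IP") or "").strip("[] ")
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    helo_domain = (first.get("helo") or "").lower()
    return {
        "first_hop_ip": first.get("ip"),
        "x_originating_ip": x_orig,
        "ip_consistent": bool(first) and first.get("ip") == x_orig,
        # A HELO name unrelated to the From: domain is a common sign that the From: address is not where the mail really came from.
        "helo_matches_from": bool(from_domain) and (helo_domain == from_domain or helo_domain.endswith("." + from_domain)),
    }
```

For the header in the post, the first-hop IP agrees with X-Originating-IP, while the HELO name org.pickepair.com has nothing to do with the From: domain terenciri.com.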

MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="MIMEStream=_0+211404_90873633350646_4032088448"

MIME-Version: 1.0
This line tells me the software that the attacker used to send me the message.

Content-Type: multipart/alternative; boundary="MIMEStream=_0+211404_90873633350646_4032088448"
This line tells me the type of text the email used.
The header can be viewed by going to Actions in Yahoo Mail, and in Gmail it is found in the settings. If you use some other website then the best way is to find it using Google.
Now that you have got the IP address, what can you do?
The answer is very simple: you can just do a whois lookup for that IP address.
Whois is a tool that has information about all the hosts. When I did a whois lookup for the above IP address it revealed the following information:

IP Information for 209.124.87.14:
