====== Network protocols, demo ======
| Wireshark rules | ''tcp.port == 110 or tcp.port == 995''|
| TcpDump | ''tcpdump -A -i eth0 port 110 or port 995''|
===== HTTP =====
Hypertext Transfer Protocol

Describe what happens if you enter 'www.google.com' into the browser (DNS, TCP, HTTP).


   telnet <host> <port>
   telnet www.google.com 80
==== HTTP 1.0 ====


Pozn.: Napriklad stranku ''google.com'' ziskame cca po dvou redirectech:
<code>
$ telnet www.google.com 80
GET /
✔
HTTP/1.0 302 Found
Location: http://www.google.cz/?gfe_rd=cr&ei=nuA-WITHNPPf8gfQqYqIBw
====================================================================
$ telnet www.google.cz 80
GET /?gfe_rd=cr&ei=nuA-WITHNPPf8gfQqYqIBw
✔
HTTP/1.0 302 Found
Location: http://www.google.cz/?gfe_rd=cr&ei=nuA-WITHNPPf8gfQqYqIBw&gws_rd=cr                                                                    
Set-Cookie: NID=91=DJn6ORMbM...EjgF91g4f; expires=Thu, 01-Jun-2017 14:23:15 GMT; path=/; domain=.google.com; HttpOnly
====================================================================
$ telnet www.google.cz 80
GET /?gfe_rd=cr&ei=nuA-WITHNPPf8gfQqYqIBw&gws_rd=cr
✔
HTTP/1.0 200 OK
https://www.google.com/support/accounts/answer/151657?hl=en for more info."
Set-Cookie: NID=91=prZTYHBooV5O...tKu_yHeJy; expires=Thu, 01-Jun-2017 14:26:02 GMT; path=/; domain=.google.com; HttpOnly

<!doctype html ...
</code> 



==== HTTP 1.1 ====
   GET / HTTP/1.0
   Host: www.asistech.cz
   <EOL>
==== HTTPS ====
<code>
openssl s_client -connect www.google.com:443
</code>
===== E-mail protocols =====


==== SMTP ====
Simple Mail Transfer Protocol

<code>
$ telnet smtp.example.com 25
HELO cvut.cz
EHLO cvut.cz #variant

----------
HELP
MAIL FROM:
RCPT TO:
DATA
   Subject: ....
   ...
   ...
.
HELP
----------------
QUIT
</code>
==== POP3 ====
Post Office Protocol, v. 3

Wireshark: tcp.port==110 and tcp.port==995

<code>
$telnet pop3.seznam.cz 110
USER ...
PASS ...
NOOP
STAT
LIST
RETR 1
TOP 1 5 #5 lines from the 1st  msg
QUIT
</code>
=== POP3s ===
   $ openssl s_client -connect pop3.seznam.cz:995
==== IMAP ====
Internet Message Access Protocol

   $ telnet imap.seznam.cz 143
   
<code>
//remember session indicator
CAPABILITY
LOGIN <user> <pass>
EXAMINE INBOX
LIST "" INBOX
SEELCT INBOX
SEARCH unseen
FETCH "1:*" FLAGS
FETCH 1 Body[TEXT]
FETCH 1 UID
FETCH 1 FULL
UID SEARCH ALL
UID FETCH <UID> body.peek[header]
UID SEARCH UNSEEN
LOGOUT
</code>

also: uid_copy, uid_store, expunge
=== IMAP/SSL ===
   $ openssl s_client -connect imap.seznam.cz:995
===== FTP =====
File Transfer Protocol
==== Active Mode ====
(Client must have a public IP Address)
<code>
$ telnet ftp.cvut.cz 21
HELP
530 Please login with USER and PASS.

USER anonymous
PASS none@example.com
230 Login successful.

LIST
425 Use PORT or PASV first.

PORT 147,32,84,225,4,0

  > (in other terminal)
  > (PORT = 4*256+0 = 1024)

  > $ netcat -l -p 1024

LIST
</code>
==== Passive Mode ====
<code>
... (dtto)

PASV
227 Entering Passive Mode (147,32,160,17,193,213)

  > # PORT = 193*256 + 213 = 49408 + 213 = 49621
  > $ telnet 147.32.160.17 49621

LIST
150 Here comes the directory listing.
226 Directory send OK.

  > lrwxrwxrwx    1 0        0              18 May 27  2008 debian -> mirrors/debian.org
  > lwrxrwxrwx ...
</code>