Differences between revisions 8 and 9
Revision 8 as of 2007-10-12 13:02:36
Size: 2508
Editor: 196
Comment:
Revision 9 as of 2008-04-12 17:49:59
Size: 2524
Editor: localhost
Comment: converted to 1.6 markup
Deletions are marked like this. Additions are marked like this.
Line 6: Line 6:
An alternative to receive mail is the more recent ["IMAP"] protocol, which additionally allows to manage the mails on the server without moving them to the mail client first. An alternative to receive mail is the more recent [[IMAP]] protocol, which additionally allows to manage the mails on the server without moving them to the mail client first.
Line 8: Line 8:
Sending mail to a server - on the other hand - is done using ["SMTP"]. Sending mail to a server - on the other hand - is done using [[SMTP]].
Line 14: Line 14:
The successor protocol ["IMAP"] offers some advanced features (not available with POP), but both IMAP and POP protocols are still widely used today. The successor protocol [[IMAP]] offers some advanced features (not available with POP), but both IMAP and POP protocols are still widely used today.
Line 18: Line 18:
 * ["TCP"]: Typically, POP uses ["TCP"] as its transport protocol. The well known TCP port for POP traffic is 110.
 * POP uses ["MIME multipart"] to transfer attachments.
 * [[TCP]]: Typically, POP uses [[TCP]] as its transport protocol. The well known TCP port for POP traffic is 110.
 * POP uses [[MIME_multipart]] to transfer attachments.
Line 38: Line 38:
A complete list of POP display filter fields can be found in the [http://www.wireshark.org/docs/dfref/p/pop.html display filter reference] A complete list of POP display filter fields can be found in the [[http://www.wireshark.org/docs/dfref/p/pop.html|display filter reference]]
Line 45: Line 45:
You cannot directly filter POP protocols while capturing. However, if you know the ["TCP"] port used (see above), you can filter on that one. You cannot directly filter POP protocols while capturing. However, if you know the [[TCP]] port used (see above), you can filter on that one.
Line 52: Line 52:
 * [http://www.ietf.org/rfc/rfc1939.txt RFC 1939] ''Post Office Protocol - Version 3''
 * [http://www.ietf.org/rfc/rfc1082.txt RFC 1082] ''POP3 Extended Service Offerings''
 * [http://www.ietf.org/rfc/rfc1734.txt RFC 1734] ''POP3 AUTHentication command''
 * [http://www.ietf.org/rfc/rfc2595.txt RFC 2595] ''Using TLS with IMAP, POP3 and ACAP''
 * [http://www.ietf.org/rfc/rfc2449.txt RFC 2449] ''POP3 Extension Mechanism''
 * [http://www.ietf.org/rfc/rfc3206.txt RFC 3206] ''The SYS and AUTH POP Response Codes''
 * [[http://www.ietf.org/rfc/rfc1939.txt|RFC 1939]] ''Post Office Protocol - Version 3''
 * [[http://www.ietf.org/rfc/rfc1082.txt|RFC 1082]] ''POP3 Extended Service Offerings''
 * [[http://www.ietf.org/rfc/rfc1734.txt|RFC 1734]] ''POP3 AUTHentication command''
 * [[http://www.ietf.org/rfc/rfc2595.txt|RFC 2595]] ''Using TLS with IMAP, POP3 and ACAP''
 * [[http://www.ietf.org/rfc/rfc2449.txt|RFC 2449]] ''POP3 Extension Mechanism''
 * [[http://www.ietf.org/rfc/rfc3206.txt|RFC 3206]] ''The SYS and AUTH POP Response Codes''
Line 59: Line 59:
 * [http://www.ietf.org/rfc/rfc918.txt RFC 918] ''POST OFFICE PROTOCOL'' (this is obsolete version 2)  * [[http://www.ietf.org/rfc/rfc918.txt|RFC 918]] ''POST OFFICE PROTOCOL'' (this is obsolete version 2)

Post Office Protocol (POP)

This protocol is widely use to receive e-Mail from a mail server.

An alternative to receive mail is the more recent IMAP protocol, which additionally allows to manage the mails on the server without moving them to the mail client first.

Sending mail to a server - on the other hand - is done using SMTP.

History

The RFC 918 describes the "POST OFFICE PROTOCOL" version 2, which is obsoleted by RFC 1939 "Post Office Protocol - Version 3" used today.

The successor protocol IMAP offers some advanced features (not available with POP), but both IMAP and POP protocols are still widely used today.

Protocol dependencies

  • TCP: Typically, POP uses TCP as its transport protocol. The well known TCP port for POP traffic is 110.

  • POP uses MIME_multipart to transfer attachments.

Example traffic

XXX - Add example traffic here (as plain text or Wireshark screenshot).

Wireshark

The POP dissector is fully functional.

Preference Settings

(XXX add links to preference settings affecting how POP is dissected).

Example capture file

XXX - Add a simple example capture file to the SampleCaptures page and link from here. Keep it short, it's also a good idea to gzip it to make it even smaller, as Wireshark can open gzipped files automatically.

Display Filter

A complete list of POP display filter fields can be found in the display filter reference

  • Show only the POP based traffic:

     pop 

Capture Filter

You cannot directly filter POP protocols while capturing. However, if you know the TCP port used (see above), you can filter on that one.

  • Show only the POP based traffic:

     tcp port pop3 

  • RFC 1939 Post Office Protocol - Version 3

  • RFC 1082 POP3 Extended Service Offerings

  • RFC 1734 POP3 AUTHentication command

  • RFC 2595 Using TLS with IMAP, POP3 and ACAP

  • RFC 2449 POP3 Extension Mechanism

  • RFC 3206 The SYS and AUTH POP Response Codes

  • RFC 918 POST OFFICE PROTOCOL (this is obsolete version 2)

Discussion

POP (last edited 2008-04-12 17:49:59 by localhost)