Capturing mail traffic with Wireshark

0

I've been trying to use Wireshark to capture an email I am sending from my smartphone on the same wifi network. I'm using Kali Linux (not a virtual machine), I am in monitor mode, I have set up the right WPA2 decryption key, I did capture the four-way handshake and I am getting some decrypted traffic to and from the IP address of my phone, like TCP, HTTP, DNS and some other ones. However, I can't find any traffic with common mail protocols like POP, SMTP or IMAP, which I've heard are really easy to grab and read due to the lack of encryption. That was the main reason I got interested in this topic: to see if I, as someone who has no clue about all that, could "steal" the content of a mail. Does anyone have a tip for me?

Thanks in advance for your help.

Snuffduff

Posted 2018-08-10T20:28:18.300

Reputation: 3

Answers

0

Nearly all mail protocols run over TLS/SSL these days, either by upgrading after connecting (SMTP uses the STARTTLS command to upgrade) or on alternate ports that require an SSL/TLS handshake before starting to pass the protocol.

For direct TLS/SSL the following ports are used:

  • IMAP 993
  • POP3 995
  • SMTP 465

hardillb

Posted 2018-08-10T20:28:18.300

Reputation: 390

First of all, thanks for your answer. How would I go about actually seeing that traffic? Do I somehow have to manually enter these ports somewhere to let Wireshark know I want to capture them? – Snuffduff – 2018-08-10T20:41:43.620

Wireshark will collect the packets but without access to the private key and certificate from the server you will not be able to decrypt the traffic. – hardillb – 2018-08-10T20:43:02.273
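To make the answer concrete: the script below is an added example (not code from this thread) that takes the TCP payloads of a captured mail session, in capture order, and reports whether the content was protected by implicit TLS on 993/995/465, upgraded with STARTTLS/STLS on a plaintext port, or sent entirely in the clear. The three sessions, the hostname mail.example.net and the credentials in them are constructed for the demo; the TLS check looks only at the record header, which is all a passive observer sees once the handshake starts.

```python
"""Classify captured mail sessions by whether their content was TLS-protected.

The sample sessions at the bottom are constructed, not taken from a real capture.
"""

IMPLICIT_TLS_PORTS = {993: "IMAPS", 995: "POP3S", 465: "SMTPS"}
PLAINTEXT_PORTS = {143: "IMAP", 110: "POP3", 25: "SMTP", 587: "SMTP submission"}
# SMTP and IMAP upgrade with STARTTLS, POP3 with STLS; it is the last word of the command line.
UPGRADE_COMMANDS = (b"STARTTLS", b"STLS")

def is_tls_record(data: bytes) -> bool:
    """TLS record header: content type 0x14-0x17, then protocol version 0x03 0x00-0x04."""
    return len(data) >= 3 and 0x14 <= data[0] <= 0x17 and data[1] == 0x03 and data[2] <= 0x04

def classify_session(dst_port: int, packets: list[tuple[str, bytes]]) -> str:
    """packets: (direction, payload) in capture order; 'c' = client->server, 's' = server->client."""
    client = [p for d, p in packets if d == "c"]
    if dst_port in IMPLICIT_TLS_PORTS:
        name = IMPLICIT_TLS_PORTS[dst_port]
        if client and is_tls_record(client[0]):
            return f"{name}: implicit TLS from the first byte, no readable content"
        return f"{name}: plaintext on a TLS-only port (client misconfiguration)"
    if dst_port not in PLAINTEXT_PORTS:
        return "not a mail port"
    name = PLAINTEXT_PORTS[dst_port]
    for i, payload in enumerate(client):
        words = payload.strip().upper().split()
        if words and words[-1] in UPGRADE_COMMANDS:
            # Only the greeting and capability exchange before this point were visible.
            if i + 1 < len(client) and is_tls_record(client[i + 1]):
                return f"{name}: upgraded via {words[-1].decode()} after {i} plaintext command(s)"
            return f"{name}: {words[-1].decode()} requested but no TLS followed"
    return f"{name}: plaintext for the whole session, credentials and message body exposed"

def audit(sessions: dict) -> dict:
    return {label: classify_session(port, pkts) for label, (port, pkts) in sessions.items()}

# Constructed samples; the first bytes of a TLS 1.x ClientHello stand in for the handshake.
CLIENT_HELLO = b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03"
SESSIONS = {
    "submission-587": (587, [("s", b"220 mail.example.net ESMTP\r\n"), ("c", b"EHLO phone\r\n"),
                             ("s", b"250-mail.example.net\r\n250 STARTTLS\r\n"), ("c", b"STARTTLS\r\n"),
                             ("s", b"220 2.0.0 Ready to start TLS\r\n"), ("c", CLIENT_HELLO)]),
    "smtps-465": (465, [("c", CLIENT_HELLO)]),
    "pop3-110": (110, [("s", b"+OK POP3 ready\r\n"), ("c", b"USER alice\r\n"),
                       ("s", b"+OK\r\n"), ("c", b"PASS hunter2\r\n")]),
}

if __name__ == "__main__":
    for label, verdict in audit(SESSIONS).items():
        print(f"{label}: {verdict}")
```

In Wireshark the same three cases look like: a plain `Client Hello` on port 465, a short readable SMTP exchange followed by TLS records on 587, and fully readable commands on 110; the third is the one to fix in the mail client's settings.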