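Understanding the SMTP Protocol Through Packet Capture
Code
Below is a program that sends mail over SMTP using modules that ship with Python (as I recall, a certain SSL library used to have a problem that caused smtplib.SMTP_SSL() to raise an error).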
```python
import smtplib
from email.mime.text import MIMEText
from email.header import Header
from email.utils import formataddr


def localSMTP():
    # Use the SMTP server running on the local machine
    smtpObj = smtplib.SMTP('localhost')
    return smtpObj


def thirdSMTP(_host, _user, _password, _port=25):
    # Passing a host to the constructor already opens a TCP connection
    smtpObj = smtplib.SMTP(_host, _port)
    # For SSL, establish the connection with the line below instead
    # smtpObj = smtplib.SMTP_SSL(_host, _port)
    print("connecting...")
    # connect() opens a second connection and the first is abandoned, which
    # matches the two TCP connections (source ports 41510 and 41512) in the
    # capture below
    smtpObj.connect(_host, _port)
    print("logging in...")
    smtpObj.login(_user, _password)
    return smtpObj


def sendEmail(_from, _fromname, _to, _toname, _subject, _message, _smtp):
    message = MIMEText(_message, 'html', 'utf-8')
    # The pair is (sender display name, sender mailbox address)
    message['From'] = formataddr((_fromname, _from))
    message['To'] = formataddr((_toname, _to))
    message['Subject'] = Header(_subject, 'utf-8')
    print('\n【sendemail】 from:%s(%s) to:%s(%s) subject:%s message:%s' %
          (_from, _fromname, _to, _toname, _subject, _message))
    try:
        _smtp.sendmail(_from, _to, message.as_string())
        print("邮件发送成功")
    except smtplib.SMTPException as e:
        print("Error: 无法发送邮件", e)


def Email(_to, _subject, _message):
    # getSiteConfigDict() is not defined on this page; it is expected to be
    # provided by the surrounding application
    config = getSiteConfigDict()
    if config['smtp']['value'] == '1':
        sendEmail(config['smtpemail']['value'], config['smtpemail']['value'],
                  _to, _to, _subject, _message,
                  thirdSMTP(config['smtpservice']['value'],
                            config['smtpuser']['value'],
                            config['smtppassword']['value'],
                            config['smtpport']['value']))


if __name__ == '__main__':
    ThirdSMTP = thirdSMTP(
        "smtp.exmail.qq.com",
        "oyohyee@oyohyee.com",
        "密码",  # placeholder for the account password
        25,
    )
    sendEmail(
        "oyohyee@oyohyee.com",
        "sender",
        "oyohyee@oyohyee.com",
        "OhYee",
        "测试",
        "<a href='www.oyohyee.com'>OhYee</a>",
        ThirdSMTP,
    )
```
The sending parameters are as follows:
- SMTP server: smtp.exmail.qq.com:25
- Authentication account: oyohyee@oyohyee.com
- Sender: oyohyee@oyohyee.com, display name sender
- Recipient: oyohyee@oyohyee.com, display name OhYee
- Subject: 测试
- Body: <a href='www.oyohyee.com'>OhYee</a>
Capture results
A simple capture is shown below, with the password portion removed.
$ tcpdump port 25 -A -t -ns 0 -X -r smtp.pcap reading from file 2.pcap, link-type EN10MB (Ethernet), snapshot length 262144 IP 172.21.33.204.41510 > 198.18.3.220.25: Flags [S], seq 1632763960, win 64240, options [mss 1460,sackOK,TS val 3567091067 ecr 0,nop,wscale 7], length 0 0x0000: 4500 003c e969 4000 4006 b982 ac15 21cc E..<.i@.@.....!. 0x0010: c612 03dc a226 0019 6152 0038 0000 0000 .....&..aR.8.... 0x0020: a002 faf0 97fe 0000 0204 05b4 0402 080a ................ 0x0030: d49d 7d7b 0000 0000 0103 0307 ..}{........ IP 198.18.3.220.25 > 172.21.33.204.41510: Flags [S.], seq 456810032, ack 1632763961, win 28960, options [mss 1460,sackOK,TS val 4209887556 ecr 3567091067,nop,wscale 5], length 0 0x0000: 4500 003c 0000 4000 3f06 a3ec c612 03dc E..<..@.?....... 0x0010: ac15 21cc 0019 a226 1b3a 5e30 6152 0039 ..!....&.:^0aR.9 0x0020: a012 7120 ab80 0000 0204 05b4 0402 080a ..q............. 0x0030: faed c944 d49d 7d7b 0103 0305 ...D..}{.... IP 172.21.33.204.41510 > 198.18.3.220.25: Flags [.], ack 1, win 502, options [nop,nop,TS val 3567091068 ecr 4209887556], length 0 0x0000: 4500 0034 e96a 4000 4006 b989 ac15 21cc E..4.j@.@.....!. 0x0010: c612 03dc a226 0019 6152 0039 1b3a 5e31 .....&..aR.9.:^1 0x0020: 8010 01f6 97f6 0000 0101 080a d49d 7d7c ..............}| 0x0030: faed c944 ...D IP 198.18.3.220.25 > 172.21.33.204.41510: Flags [P.], seq 1:39, ack 1, win 905, options [nop,nop,TS val 4209887659 ecr 3567091068], length 38: SMTP: 220 smtp.qq.com Esmtp QQ Mail Server 0x0000: 4500 005a cf71 4000 3f06 d45c c612 03dc E..Z.q@.?..\.... 0x0010: ac15 21cc 0019 a226 1b3a 5e31 6152 0039 ..!....&.:^1aR.9 0x0020: 8018 0389 f263 0000 0101 080a faed c9ab .....c.......... 0x0030: d49d 7d7c 3232 3020 736d 7470 2e71 712e ..}|220.smtp.qq. 0x0040: 636f 6d20 4573 6d74 7020 5151 204d 6169 com.Esmtp.QQ.Mai 0x0050: 6c20 5365 7276 6572 0d0a l.Server.. 
IP 172.21.33.204.41510 > 198.18.3.220.25: Flags [.], ack 39, win 502, options [nop,nop,TS val 3567091172 ecr 4209887659], length 0 0x0000: 4500 0034 e96b 4000 4006 b988 ac15 21cc E..4.k@.@.....!. 0x0010: c612 03dc a226 0019 6152 0039 1b3a 5e57 .....&..aR.9.:^W 0x0020: 8010 01f6 97f6 0000 0101 080a d49d 7de4 ..............}. 0x0030: faed c9ab .... IP 172.21.33.204.41512 > 198.18.3.220.25: Flags [S], seq 1644386066, win 64240, options [mss 1460,sackOK,TS val 3567091179 ecr 0,nop,wscale 7], length 0 0x0000: 4500 003c dbfc 4000 4006 c6ef ac15 21cc E..<..@.@.....!. 0x0010: c612 03dc a228 0019 6203 5712 0000 0000 .....(..b.W..... 0x0020: a002 faf0 97fe 0000 0204 05b4 0402 080a ................ 0x0030: d49d 7deb 0000 0000 0103 0307 ..}......... IP 198.18.3.220.25 > 172.21.33.204.41512: Flags [S.], seq 2824916353, ack 1644386067, win 28960, options [mss 1460,sackOK,TS val 4209887668 ecr 3567091179,nop,wscale 5], length 0 0x0000: 4500 003c 0000 4000 3f06 a3ec c612 03dc E..<..@.?....... 0x0010: ac15 21cc 0019 a228 a860 cd81 6203 5713 ..!....(.`..b.W. 0x0020: a012 7120 569b 0000 0204 05b4 0402 080a ..q.V........... 0x0030: faed c9b4 d49d 7deb 0103 0305 ......}..... IP 172.21.33.204.41512 > 198.18.3.220.25: Flags [.], ack 1, win 502, options [nop,nop,TS val 3567091181 ecr 4209887668], length 0 0x0000: 4500 0034 dbfd 4000 4006 c6f6 ac15 21cc E..4..@.@.....!. 0x0010: c612 03dc a228 0019 6203 5713 a860 cd82 .....(..b.W..`.. 0x0020: 8010 01f6 97f6 0000 0101 080a d49d 7ded ..............}. 0x0030: faed c9b4 .... IP 172.21.33.204.41510 > 198.18.3.220.25: Flags [F.], seq 1, ack 39, win 502, options [nop,nop,TS val 3567091181 ecr 4209887659], length 0 0x0000: 4500 0034 e96c 4000 4006 b987 ac15 21cc E..4.l@.@.....!. 0x0010: c612 03dc a226 0019 6152 0039 1b3a 5e57 .....&..aR.9.:^W 0x0020: 8011 01f6 97f6 0000 0101 080a d49d 7ded ..............}. 0x0030: faed c9ab .... 
IP 198.18.3.220.25 > 172.21.33.204.41510: Flags [F.], seq 39, ack 2, win 905, options [nop,nop,TS val 4209887672 ecr 3567091181], length 0 0x0000: 4500 0034 cf72 4000 3f06 d481 c612 03dc E..4.r@.?....... 0x0010: ac15 21cc 0019 a226 1b3a 5e57 6152 003a ..!....&.:^WaR.: 0x0020: 8011 0389 46d4 0000 0101 080a faed c9b8 ....F........... 0x0030: d49d 7ded ..}. IP 172.21.33.204.41510 > 198.18.3.220.25: Flags [.], ack 40, win 502, options [nop,nop,TS val 3567091185 ecr 4209887672], length 0 0x0000: 4500 0034 e96d 4000 4006 b986 ac15 21cc E..4.m@.@.....!. 0x0010: c612 03dc a226 0019 6152 003a 1b3a 5e58 .....&..aR.:.:^X 0x0020: 8010 01f6 97f6 0000 0101 080a d49d 7df1 ..............}. 0x0030: faed c9b8 .... IP 198.18.3.220.25 > 172.21.33.204.41512: Flags [P.], seq 1:39, ack 1, win 905, options [nop,nop,TS val 4209887771 ecr 3567091181], length 38: SMTP: 220 smtp.qq.com Esmtp QQ Mail Server 0x0000: 4500 005a 8c8c 4000 3f06 1742 c612 03dc E..Z..@.?..B.... 0x0010: ac15 21cc 0019 a228 a860 cd82 6203 5713 ..!....(.`..b.W. 0x0020: 8018 0389 9d7d 0000 0101 080a faed ca1b .....}.......... 0x0030: d49d 7ded 3232 3020 736d 7470 2e71 712e ..}.220.smtp.qq. 0x0040: 636f 6d20 4573 6d74 7020 5151 204d 6169 com.Esmtp.QQ.Mai 0x0050: 6c20 5365 7276 6572 0d0a l.Server.. IP 172.21.33.204.41512 > 198.18.3.220.25: Flags [.], ack 39, win 502, options [nop,nop,TS val 3567091284 ecr 4209887771], length 0 0x0000: 4500 0034 dbfe 4000 4006 c6f5 ac15 21cc E..4..@.@.....!. 0x0010: c612 03dc a228 0019 6203 5713 a860 cda8 .....(..b.W..`.. 0x0020: 8010 01f6 97f6 0000 0101 080a d49d 7e54 ..............~T 0x0030: faed ca1b .... IP 172.21.33.204.41512 > 198.18.3.220.25: Flags [P.], seq 1:25, ack 39, win 502, options [nop,nop,TS val 3567091284 ecr 4209887771], length 24: SMTP: ehlo OhYee.localdomain 0x0000: 4500 004c dbff 4000 4006 c6dc ac15 21cc E..L..@.@.....!. 0x0010: c612 03dc a228 0019 6203 5713 a860 cda8 .....(..b.W..`.. 
0x0020: 8018 01f6 980e 0000 0101 080a d49d 7e54 ..............~T 0x0030: faed ca1b 6568 6c6f 204f 6859 6565 2e6c ....ehlo.OhYee.l 0x0040: 6f63 616c 646f 6d61 696e 0d0a ocaldomain.. IP 198.18.3.220.25 > 172.21.33.204.41512: Flags [.], ack 25, win 905, options [nop,nop,TS val 4209887774 ecr 3567091284], length 0 0x0000: 4500 0034 8c8d 4000 3f06 1767 c612 03dc E..4..@.?..g.... 0x0010: ac15 21cc 0019 a228 a860 cda8 6203 572b ..!....(.`..b.W+ 0x0020: 8010 0389 f1eb 0000 0101 080a faed ca1e ................ 0x0030: d49d 7e54 ..~T IP 198.18.3.220.25 > 172.21.33.204.41512: Flags [P.], seq 39:175, ack 25, win 905, options [nop,nop,TS val 4209887824 ecr 3567091284], length 136: SMTP: 250-smtp.qq.com 0x0000: 4500 00bc 8c8e 4000 3f06 16de c612 03dc E.....@.?....... 0x0010: ac15 21cc 0019 a228 a860 cda8 6203 572b ..!....(.`..b.W+ 0x0020: 8018 0389 d0aa 0000 0101 080a faed ca50 ...............P 0x0030: d49d 7e54 3235 302d 736d 7470 2e71 712e ..~T250-smtp.qq. 0x0040: 636f 6d0d 0a32 3530 2d50 4950 454c 494e com..250-PIPELIN 0x0050: 494e 470d 0a32 3530 2d53 495a 4520 3733 ING..250-SIZE.73 0x0060: 3430 3033 3230 0d0a 3235 302d 5354 4152 400320..250-STAR 0x0070: 5454 4c53 0d0a 3235 302d 4155 5448 204c TTLS..250-AUTH.L 0x0080: 4f47 494e 2050 4c41 494e 0d0a 3235 302d OGIN.PLAIN..250- 0x0090: 4155 5448 3d4c 4f47 494e 0d0a 3235 302d AUTH=LOGIN..250- 0x00a0: 4d41 494c 434f 4d50 5245 5353 0d0a 3235 MAILCOMPRESS..25 0x00b0: 3020 3842 4954 4d49 4d45 0d0a 0.8BITMIME.. IP 172.21.33.204.41512 > 198.18.3.220.25: Flags [.], ack 175, win 501, options [nop,nop,TS val 3567091337 ecr 4209887824], length 0 0x0000: 4500 0034 dc00 4000 4006 c6f3 ac15 21cc E..4..@.@.....!. 0x0010: c612 03dc a228 0019 6203 572b a860 ce30 .....(..b.W+.`.0 0x0020: 8010 01f5 97f6 0000 0101 080a d49d 7e89 ..............~. 
0x0030: faed ca50 ...P IP 172.21.33.204.41512 > 198.18.3.220.25: Flags [P.], seq 25:82, ack 175, win 501, options [nop,nop,TS val 3567091338 ecr 4209887824], length 57: SMTP: AUTH PLAIN XXXXXXXXX(账户密码) 0x0000: 4500 006d dc01 4000 4006 c6b9 ac15 21cc E..m..@.@.....!. 0x0010: c612 03dc a228 0019 6203 572b a860 ce30 .....(..b.W+.`.0 0x0020: 8018 01f5 982f 0000 0101 080a d49d 7e8a ...../........~. 0x0030: faed ca50 4155 5448 2050 4c41 494e 2041 ...PAUTH.PLAIN.A XXXXXXXXX(账户密码) IP 198.18.3.220.25 > 172.21.33.204.41512: Flags [.], ack 82, win 905, options [nop,nop,TS val 4209887827 ecr 3567091338], length 0 0x0000: 4500 0034 8c8f 4000 3f06 1765 c612 03dc E..4..@.?..e.... 0x0010: ac15 21cc 0019 a228 a860 ce30 6203 5764 ..!....(.`.0b.Wd 0x0020: 8010 0389 f0bf 0000 0101 080a faed ca53 ...............S 0x0030: d49d 7e8a ..~. IP 198.18.3.220.25 > 172.21.33.204.41512: Flags [P.], seq 175:206, ack 82, win 905, options [nop,nop,TS val 4209887989 ecr 3567091338], length 31: SMTP: 235 Authentication successful 0x0000: 4500 0053 8c90 4000 3f06 1745 c612 03dc E..S..@.?..E.... 0x0010: ac15 21cc 0019 a228 a860 ce30 6203 5764 ..!....(.`.0b.Wd 0x0020: 8018 0389 6882 0000 0101 080a faed caf5 ....h........... 0x0030: d49d 7e8a 3233 3520 4175 7468 656e 7469 ..~.235.Authenti 0x0040: 6361 7469 6f6e 2073 7563 6365 7373 6675 cation.successfu 0x0050: 6c0d 0a l.. IP 172.21.33.204.41512 > 198.18.3.220.25: Flags [.], ack 206, win 501, options [nop,nop,TS val 3567091502 ecr 4209887989], length 0 0x0000: 4500 0034 dc02 4000 4006 c6f1 ac15 21cc E..4..@.@.....!. 0x0010: c612 03dc a228 0019 6203 5764 a860 ce4f .....(..b.Wd.`.O 0x0020: 8010 01f5 97f6 0000 0101 080a d49d 7f2e ................ 0x0030: faed caf5 .... IP 172.21.33.204.41512 > 198.18.3.220.25: Flags [P.], seq 82:124, ack 206, win 501, options [nop,nop,TS val 3567091507 ecr 4209887989], length 42: SMTP: mail FROM:<oyohyee@oyohyee.com> size=248 0x0000: 4500 005e dc03 4000 4006 c6c6 ac15 21cc E..^..@.@.....!. 
0x0010: c612 03dc a228 0019 6203 5764 a860 ce4f .....(..b.Wd.`.O 0x0020: 8018 01f5 9820 0000 0101 080a d49d 7f33 ...............3 0x0030: faed caf5 6d61 696c 2046 524f 4d3a 3c6f ....mail.FROM:<o 0x0040: 796f 6879 6565 406f 796f 6879 6565 2e63 yohyee@oyohyee.c 0x0050: 6f6d 3e20 7369 7a65 3d32 3438 0d0a om>.size=248.. IP 198.18.3.220.25 > 172.21.33.204.41512: Flags [.], ack 124, win 905, options [nop,nop,TS val 4209887996 ecr 3567091507], length 0 0x0000: 4500 0034 8c91 4000 3f06 1763 c612 03dc E..4..@.?..c.... 0x0010: ac15 21cc 0019 a228 a860 ce4f 6203 578e ..!....(.`.Ob.W. 0x0020: 8010 0389 ef24 0000 0101 080a faed cafc .....$.......... 0x0030: d49d 7f33 ...3 IP 198.18.3.220.25 > 172.21.33.204.41512: Flags [P.], seq 206:214, ack 124, win 905, options [nop,nop,TS val 4209888090 ecr 3567091507], length 8: SMTP: 250 Ok 0x0000: 4500 003c 8c92 4000 3f06 175a c612 03dc E..<..@.?..Z.... 0x0010: ac15 21cc 0019 a228 a860 ce4f 6203 578e ..!....(.`.Ob.W. 0x0020: 8018 0389 2fec 0000 0101 080a faed cb5a ..../..........Z 0x0030: d49d 7f33 3235 3020 4f6b 0d0a ...3250.Ok.. IP 172.21.33.204.41512 > 198.18.3.220.25: Flags [P.], seq 124:155, ack 214, win 501, options [nop,nop,TS val 3567091603 ecr 4209888090], length 31: SMTP: rcpt TO:<oyohyee@oyohyee.com> 0x0000: 4500 0053 dc04 4000 4006 c6d0 ac15 21cc E..S..@.@.....!. 0x0010: c612 03dc a228 0019 6203 578e a860 ce57 .....(..b.W..`.W 0x0020: 8018 01f5 9815 0000 0101 080a d49d 7f93 ................ 0x0030: faed cb5a 7263 7074 2054 4f3a 3c6f 796f ...Zrcpt.TO:<oyo 0x0040: 6879 6565 406f 796f 6879 6565 2e63 6f6d hyee@oyohyee.com 0x0050: 3e0d 0a >.. IP 198.18.3.220.25 > 172.21.33.204.41512: Flags [.], ack 155, win 905, options [nop,nop,TS val 4209888092 ecr 3567091603], length 0 0x0000: 4500 0034 8c93 4000 3f06 1761 c612 03dc E..4..@.?..a.... 0x0010: ac15 21cc 0019 a228 a860 ce57 6203 57ad ..!....(.`.Wb.W. 0x0020: 8010 0389 ee3d 0000 0101 080a faed cb5c .....=.........\ 0x0030: d49d 7f93 .... 
IP 198.18.3.220.25 > 172.21.33.204.41512: Flags [P.], seq 214:222, ack 155, win 905, options [nop,nop,TS val 4209888151 ecr 3567091603], length 8: SMTP: 250 Ok 0x0000: 4500 003c 8c94 4000 3f06 1758 c612 03dc E..<..@.?..X.... 0x0010: ac15 21cc 0019 a228 a860 ce57 6203 57ad ..!....(.`.Wb.W. 0x0020: 8018 0389 2f28 0000 0101 080a faed cb97 ..../(.......... 0x0030: d49d 7f93 3235 3020 4f6b 0d0a ....250.Ok.. IP 172.21.33.204.41512 > 198.18.3.220.25: Flags [P.], seq 155:161, ack 222, win 501, options [nop,nop,TS val 3567091664 ecr 4209888151], length 6: SMTP: data 0x0000: 4500 003a dc05 4000 4006 c6e8 ac15 21cc E..:..@.@.....!. 0x0010: c612 03dc a228 0019 6203 57ad a860 ce5f .....(..b.W..`._ 0x0020: 8018 01f5 97fc 0000 0101 080a d49d 7fd0 ................ 0x0030: faed cb97 6461 7461 0d0a ....data.. IP 198.18.3.220.25 > 172.21.33.204.41512: Flags [.], ack 161, win 905, options [nop,nop,TS val 4209888153 ecr 3567091664], length 0 0x0000: 4500 0034 8c95 4000 3f06 175f c612 03dc E..4..@.?.._.... 0x0010: ac15 21cc 0019 a228 a860 ce5f 6203 57b3 ..!....(.`._b.W. 0x0020: 8010 0389 edb5 0000 0101 080a faed cb99 ................ 0x0030: d49d 7fd0 .... IP 198.18.3.220.25 > 172.21.33.204.41512: Flags [P.], seq 222:259, ack 161, win 905, options [nop,nop,TS val 4209888202 ecr 3567091664], length 37: SMTP: 354 End data with <CR><LF>.<CR><LF> 0x0000: 4500 0059 8c96 4000 3f06 1739 c612 03dc E..Y..@.?..9.... 0x0010: ac15 21cc 0019 a228 a860 ce5f 6203 57b3 ..!....(.`._b.W. 0x0020: 8018 0389 bc7a 0000 0101 080a faed cbca .....z.......... 0x0030: d49d 7fd0 3335 3420 456e 6420 6461 7461 ....354.End.data 0x0040: 2077 6974 6820 3c43 523e 3c4c 463e 2e3c .with.<CR><LF>.< 0x0050: 4352 3e3c 4c46 3e0d 0a CR><LF>.. IP 172.21.33.204.41512 > 198.18.3.220.25: Flags [P.], seq 161:412, ack 259, win 501, options [nop,nop,TS val 3567091714 ecr 4209888202], length 251: SMTP: Content-Type: text/html; charset="utf-8" 0x0000: 4500 012f dc06 4000 4006 c5f2 ac15 21cc E../..@.@.....!. 
0x0010: c612 03dc a228 0019 6203 57b3 a860 ce84 .....(..b.W..`.. 0x0020: 8018 01f5 98f1 0000 0101 080a d49d 8002 ................ 0x0030: faed cbca 436f 6e74 656e 742d 5479 7065 ....Content-Type 0x0040: 3a20 7465 7874 2f68 746d 6c3b 2063 6861 :.text/html;.cha 0x0050: 7273 6574 3d22 7574 662d 3822 0d0a 4d49 rset="utf-8"..MI 0x0060: 4d45 2d56 6572 7369 6f6e 3a20 312e 300d ME-Version:.1.0. 0x0070: 0a43 6f6e 7465 6e74 2d54 7261 6e73 6665 .Content-Transfe 0x0080: 722d 456e 636f 6469 6e67 3a20 6261 7365 r-Encoding:.base 0x0090: 3634 0d0a 4672 6f6d 3a20 7365 6e64 6572 64..From:.sender 0x00a0: 203c 6f79 6f68 7965 6540 6f79 6f68 7965 .<oyohyee@oyohye 0x00b0: 652e 636f 6d3e 0d0a 546f 3a20 4f68 5965 e.com>..To:.OhYe 0x00c0: 6520 3c6f 796f 6879 6565 406f 796f 6879 e.<oyohyee@oyohy 0x00d0: 6565 2e63 6f6d 3e0d 0a53 7562 6a65 6374 ee.com>..Subject 0x00e0: 3a20 3d3f 7574 662d 383f 623f 3572 574c :.=?utf-8?b?5rWL 0x00f0: 364b 2b56 3f3d 0d0a 0d0a 5047 4567 6148 6K+V?=....PGEgaH 0x0100: 4a6c 5a6a 306e 6433 6433 4c6d 3935 6232 JlZj0nd3d3Lm95b2 0x0110: 6835 5a57 5575 5932 3974 4a7a 3550 6146 h5ZWUuY29tJz5PaF 0x0120: 6c6c 5a54 7776 5954 343d 0d0a 2e0d 0a llZTwvYT4=..... IP 198.18.3.220.25 > 172.21.33.204.41512: Flags [.], ack 412, win 939, options [nop,nop,TS val 4209888204 ecr 3567091714], length 0 0x0000: 4500 0034 8c97 4000 3f06 175d c612 03dc E..4..@.?..].... 0x0010: ac15 21cc 0019 a228 a860 ce84 6203 58ae ..!....(.`..b.X. 0x0020: 8010 03ab ec0e 0000 0101 080a faed cbcc ................ 0x0030: d49d 8002 .... IP 198.18.3.220.25 > 172.21.33.204.41512: Flags [P.], seq 259:279, ack 412, win 939, options [nop,nop,TS val 4209889083 ecr 3567091714], length 20: SMTP: 250 Ok: queued as 0x0000: 4500 0048 8c98 4000 3f06 1748 c612 03dc E..H..@.?..H.... 0x0010: ac15 21cc 0019 a228 a860 ce84 6203 58ae ..!....(.`..b.X. 0x0020: 8018 03ab 1fc8 0000 0101 080a faed cf3b ...............; 0x0030: d49d 8002 3235 3020 4f6b 3a20 7175 6575 ....250.Ok:.queu 0x0040: 6564 2061 7320 0d0a ed.as... 
IP 172.21.33.204.41512 > 198.18.3.220.25: Flags [F.], seq 412, ack 279, win 501, options [nop,nop,TS val 3567092603 ecr 4209889083], length 0 0x0000: 4500 0034 dc07 4000 4006 c6ec ac15 21cc E..4..@.@.....!. 0x0010: c612 03dc a228 0019 6203 58ae a860 ce98 .....(..b.X..`.. 0x0020: 8011 01f5 97f6 0000 0101 080a d49d 837b ...............{ 0x0030: faed cf3b ...; IP 198.18.3.220.25 > 172.21.33.204.41512: Flags [F.], seq 279, ack 413, win 939, options [nop,nop,TS val 4209889093 ecr 3567092603], length 0 0x0000: 4500 0034 8c99 4000 3f06 175b c612 03dc E..4..@.?..[.... 0x0010: ac15 21cc 0019 a228 a860 ce98 6203 58af ..!....(.`..b.X. 0x0020: 8011 03ab e506 0000 0101 080a faed cf45 ...............E 0x0030: d49d 837b ...{ IP 172.21.33.204.41512 > 198.18.3.220.25: Flags [.], ack 280, win 501, options [nop,nop,TS val 3567092605 ecr 4209889093], length 0 0x0000: 4500 0034 dc08 4000 4006 c6eb ac15 21cc E..4..@.@.....!. 0x0010: c612 03dc a228 0019 6203 58af a860 ce99 .....(..b.X..`.. 0x0020: 8010 01f5 97f6 0000 0101 080a d49d 837d ...............} 0x0030: faed cf45 ...E
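Analysis
Because the capture includes TCP details that do not need discussion here, the SMTP portion is singled out separately.
Put simply, after the client connects to the server, the server announces that it is an SMTP server and that it speaks Extended SMTP (Esmtp).
Both sides exchange their hostnames, and the client states what it supports (how to authenticate, the message format).
The client base64-encodes its username and password and sends them to the server for verification. Once verification succeeds, the server returns a success code.
The client sends the sender information and the recipient information, and the client confirms receipt.
The client asks to send the message content, the server tells it the terminator, and the client sends the message content in IMF format.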
Without encryption, the communication is transmitted entirely in plaintext, with nothing but a simple base64 encoding as protection.
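To make concrete how little base64 protects, the added example below (not part of the original post) decodes an AUTH PLAIN command and the DATA payload. The message bytes are taken from the ASCII column of the capture above; the credentials are constructed, since the post redacts the real ones, and the function names are hypothetical.

```python
import base64
from email import message_from_bytes
from email.header import decode_header, make_header

# Constructed credentials: the real AUTH PLAIN blob is redacted in the capture.
SAMPLE_AUTH = b"AUTH PLAIN " + base64.b64encode(
    b"\0user@example.com\0not-a-real-password") + b"\r\n"

# DATA payload from the capture above (without the final ".\r\n" terminator).
CAPTURED_DATA = (
    b'Content-Type: text/html; charset="utf-8"\r\n'
    b"MIME-Version: 1.0\r\n"
    b"Content-Transfer-Encoding: base64\r\n"
    b"From: sender <oyohyee@oyohyee.com>\r\n"
    b"To: OhYee <oyohyee@oyohyee.com>\r\n"
    b"Subject: =?utf-8?b?5rWL6K+V?=\r\n"
    b"\r\n"
    b"PGEgaHJlZj0nd3d3Lm95b2h5ZWUuY29tJz5PaFllZTwvYT4=\r\n"
)


def decode_auth_plain(line: bytes):
    """Split 'AUTH PLAIN <base64>' into (authzid, authcid, password)."""
    verb, mech, blob = line.strip().split(b" ", 2)
    if (verb.upper(), mech.upper()) != (b"AUTH", b"PLAIN"):
        raise ValueError("not an AUTH PLAIN command")
    # SASL PLAIN is authzid NUL authcid NUL password, base64-encoded as a whole
    authzid, authcid, password = base64.b64decode(blob, validate=True).split(b"\0")
    return authzid.decode(), authcid.decode(), password.decode()


def decode_message(raw: bytes):
    """Return (subject, body) with RFC 2047 and base64 encodings undone."""
    msg = message_from_bytes(raw)
    subject = str(make_header(decode_header(msg["Subject"])))
    charset = msg.get_content_charset() or "utf-8"
    body = msg.get_payload(decode=True).decode(charset)
    return subject, body


if __name__ == "__main__":
    print(decode_auth_plain(SAMPLE_AUTH))
    print(decode_message(CAPTURED_DATA))
```

Both decodings need no key or secret, which is why the credentials and content of a port 25 session without STARTTLS should be treated as disclosed to every hop on the path.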
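If SSL encryption is used, only the encrypted application data is visible. However, because SMTP is a simple question-and-answer style of communication, the traffic still has fairly distinct timing and size characteristics:
- Because of the question-and-answer form, each exchange is clearly spaced and delimited (unlike some full-duplex protocols, where several groups of data may be mixed together when sent)
- TLS itself does not encrypt packet lengths (there is no traffic padding mechanism)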
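Change the code above to use SMTP over TLS (change the port to 465 and replace smtplib.SMTP() with smtplib.SMTP_SSL()), and you will find that although the data is fully encrypted, the exchange still consists of 13 packets, and the 7th and 9th packets both have length 64 (both were originally the 8-byte "250 Ok\r\n"). With characteristics like these, a fully encrypted protocol can still be identified as SMTP.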
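As an added example (not the author's code), the sketch below applies these two observations to a flow described only by direction and record length, which is the view a network monitor has of an encrypted session. The plaintext lengths are read from the capture above; the fixed 56-byte overhead and the bulk-transfer flow are constructed, and the function names are hypothetical.

```python
# Each record is (direction, payload length): "S" = server to client,
# "C" = client to server.

# The 13 data-carrying segments of the plaintext session above (port 41512).
PLAINTEXT = [("S", 38), ("C", 24), ("S", 136), ("C", 57), ("S", 31),
             ("C", 42), ("S", 8), ("C", 31), ("S", 8), ("C", 6),
             ("S", 37), ("C", 251), ("S", 20)]

# Constructed model of the encrypted session: every record grows by a fixed
# overhead. 56 is chosen only so the 8-byte replies come out at 64 as the
# post reports; the real overhead depends on the negotiated cipher suite.
OVERHEAD = 56
ENCRYPTED = [(d, n + OVERHEAD) for d, n in PLAINTEXT]

# Constructed counter-example: a client request answered by a burst of records.
BULK = [("C", 120), ("S", 1400), ("S", 1400), ("S", 1400),
        ("C", 80), ("S", 1400), ("S", 900)]


def smtp_shape(records):
    """Measure the question-and-answer shape of a flow from metadata only."""
    dirs = [d for d, _ in records]
    pairs = list(zip(dirs, dirs[1:]))
    # Fraction of adjacent records that switch direction (1.0 = strict lock-step)
    lockstep = sum(a != b for a, b in pairs) / len(pairs) if pairs else 0.0
    server = [(i + 1, n) for i, (d, n) in enumerate(records) if d == "S"]
    # Back-to-back server replies of identical size, e.g. two "250 Ok" lines
    twins = [(i, j) for (i, n), (j, m) in zip(server, server[1:]) if n == m]
    return {"server_first": dirs[:1] == ["S"],
            "lockstep": lockstep,
            "twin_replies": twins}


def looks_like_smtp(records, min_records=9):
    """Heuristic: server greets first, strict alternation, repeated short reply."""
    shape = smtp_shape(records)
    return (len(records) >= min_records and shape["server_first"]
            and shape["lockstep"] == 1.0 and bool(shape["twin_replies"]))


if __name__ == "__main__":
    for name, flow in (("plaintext", PLAINTEXT), ("encrypted", ENCRYPTED),
                       ("bulk", BULK)):
        print(name, smtp_shape(flow), looks_like_smtp(flow))
```

A heuristic this small produces false positives on other lock-step protocols, so in monitoring it is a triage signal to combine with port, destination and timing rather than a verdict.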
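With older versions of TLS, the domain name can be read from the SNI part of TLS. But even with newer versions of TLS, the domain name can still be obtained through a reverse DNS lookup.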