brentokc
asked on
I need the commmands in a log file from a Merak 8.3.5 IMAP4rev1 interpreted, the log contains 146 lines but many are repetitive
A client has had an employees e-mail accessed by a previous employee, who apparently had the password. The hosting service has supplied a partial log. I have no experience with the IMAP protocol and reading the RFC's has not given me the knowledge that I feel necessary to properly respond to my client. Can someone please review the log and supply me with an interpretation of the commands? I will be happy to pay a reasonable fee, plus the points, for this service. The commands section of the log is listed below, with e-mail address replaced with "x", no other alterations. Thanks -Brent Davis
Connected
>>> * OK Merak 8.3.5 IMAP4rev1 Tue, 24 Jan 2006 17:43:13 -0600
<<< 001K CAPABILITY
<<< 001L LOGIN xx@xx.com *********
>>> 001L OK LOGIN Completed
<<< 001N LIST "" ""
>>> * LIST (\Noselect) "/" ""
<<< 001O SELECT "INBOX"
<<< 001V UID FETCH 308:* (UID FLAGS RFC822.SIZE BODY.PEEK[HEADER] INTERNALDATE)
>>> 001V OK UID FETCH Completed
<<< 001W UID FETCH 1:307 (UID FLAGS)
>>> 001W OK UID FETCH Completed
<<< 001X UID FETCH 308 (UID FLAGS BODY.PEEK[] INTERNALDATE)
>>> 001X OK UID FETCH Completed
<<< 001Y UID STORE 308 FLAGS ()
>>> 001Y OK UID STORE Completed
<<< 001Z UID FETCH 309 (UID FLAGS BODY.PEEK[] INTERNALDATE)
>>> 001Z OK UID FETCH Completed
<<< 0020 UID STORE 309 FLAGS ()
>>> 0020 OK UID STORE Completed
<<< 0021 UID FETCH 310 (UID FLAGS BODY.PEEK[] INTERNALDATE)
>>> 0021 OK UID FETCH Completed
<<< 0022 UID STORE 310 FLAGS ()
>>> 0022 OK UID STORE Completed
<<< 0023 UID FETCH 311 (UID FLAGS BODY.PEEK[] INTERNALDATE)
>>> 0023 OK UID FETCH Completed
<<< 0024 UID STORE 311 FLAGS ()
>>> 0024 OK UID STORE Completed
<<< 0025 UID FETCH 312 (UID FLAGS BODY.PEEK[] INTERNALDATE)
>>> 0025 OK UID FETCH Completed
<<< 0026 UID STORE 312 FLAGS ()
>>> 0026 OK UID STORE Completed
<<< 0027 UID FETCH 313 (UID FLAGS BODY.PEEK[] INTERNALDATE)
>>> 0027 OK UID FETCH Completed
<<< 0028 UID STORE 313 FLAGS ()
>>> 0028 OK UID STORE Completed
<<< 0029 UID FETCH 314 (UID FLAGS BODY.PEEK[] INTERNALDATE)
>>> 0029 OK UID FETCH Completed
<<< 002A UID STORE 314 FLAGS ()
>>> 002A OK UID STORE Completed
<<< 002B UID FETCH 315 (UID FLAGS BODY.PEEK[] INTERNALDATE)
>>> 002B OK UID FETCH Completed
<<< 002C UID STORE 315 FLAGS ()
>>> 002C OK UID STORE Completed
<<< 002D UID FETCH 316 (UID FLAGS BODY.PEEK[] INTERNALDATE)
>>> 002D OK UID FETCH Completed
<<< 002E UID STORE 316 FLAGS ()
>>> 002E OK UID STORE Completed
<<< 002F UID FETCH 317 (UID FLAGS BODY.PEEK[] INTERNALDATE)
>>> 002F OK UID FETCH Completed
<<< 002G UID STORE 317 FLAGS ()
>>> 002G OK UID STORE Completed
<<< 002H UID FETCH 318 (UID FLAGS BODY.PEEK[] INTERNALDATE)
>>> 002H OK UID FETCH Completed
<<< 002I UID STORE 318 FLAGS ()
>>> 002I OK UID STORE Completed
<<< 002J UID FETCH 319 (UID FLAGS BODY.PEEK[] INTERNALDATE)
>>> 002J OK UID FETCH Completed
<<< 002K UID STORE 319 FLAGS ()
>>> 002K OK UID STORE Completed
<<< 002L UID FETCH 320 (UID FLAGS BODY.PEEK[] INTERNALDATE)
>>> 002L OK UID FETCH Completed
<<< 002M UID STORE 320 FLAGS ()
>>> 002M OK UID STORE Completed
<<< 002N UID FETCH 321 (UID FLAGS BODY.PEEK[] INTERNALDATE)
>>> 002N OK UID FETCH Completed
<<< 002O UID STORE 321 FLAGS ()
>>> 002O OK UID STORE Completed
<<< 002P UID FETCH 322 (UID FLAGS BODY.PEEK[] INTERNALDATE)
>>> 002P OK UID FETCH Completed
<<< 002Q UID STORE 322 FLAGS ()
>>> 002Q OK UID STORE Completed
<<< 002R UID FETCH 323 (UID FLAGS BODY.PEEK[] INTERNALDATE)
>>> 002R OK UID FETCH Completed
<<< 002S UID STORE 323 FLAGS ()
>>> 002S OK UID STORE Completed
<<< 002T UID FETCH 324 (UID FLAGS BODY.PEEK[] INTERNALDATE)
>>> 002T OK UID FETCH Completed
<<< 002U UID STORE 324 FLAGS ()
>>> 002U OK UID STORE Completed
<<< 002V UID FETCH 325 (UID FLAGS BODY.PEEK[] INTERNALDATE)
>>> 002V OK UID FETCH Completed
<<< 002W UID STORE 325 FLAGS ()
>>> 002W OK UID STORE Completed
<<< 002X UID FETCH 326 (UID FLAGS BODY.PEEK[] INTERNALDATE)
>>> 002X OK UID FETCH Completed
<<< 002Y UID STORE 326 FLAGS ()
>>> 002Y OK UID STORE Completed
<<< 002Z UID FETCH 327 (UID FLAGS BODY.PEEK[] INTERNALDATE)
>>> 002Z OK UID FETCH Completed
<<< 0030 UID STORE 327 FLAGS ()
>>> 0030 OK UID STORE Completed
<<< 0031 UID FETCH 328 (UID FLAGS BODY.PEEK[] INTERNALDATE)
>>> 0031 OK UID FETCH Completed
<<< 0032 UID STORE 328 FLAGS ()
>>> 0032 OK UID STORE Completed
<<< 0033 UID FETCH 329 (UID FLAGS BODY.PEEK[] INTERNALDATE)
>>> 0033 OK UID FETCH Completed
<<< 0034 UID STORE 329 FLAGS ()
>>> 0034 OK UID STORE Completed
<<< 0035 UID FETCH 330 (UID FLAGS BODY.PEEK[] INTERNALDATE)
>>> 0035 OK UID FETCH Completed
<<< 0036 UID STORE 330 FLAGS ()
>>> 0036 OK UID STORE Completed
<<< 0037 NOOP
>>> 0037 OK NOOP Completed
<<< 003D NOOP
>>> 003D OK NOOP Completed
Connected
>>> * OK Merak 8.3.5 IMAP4rev1 Tue, 24 Jan 2006 17:44:10 -0600
<<< 003F CAPABILITY
<<< 003G LOGIN xx@xx.com *********
>>> 003G OK LOGIN Completed
<<< 003I LSUB "" "*"
>>> 003I OK LSUB Completed
<<< 003K STATUS "Deleted Items" (UNSEEN)
>>> * STATUS "Deleted Items" (UNSEEN 0)
<<< 003L STATUS "Drafts" (UNSEEN)
>>> * STATUS "Drafts" (UNSEEN 0)
<<< 003M STATUS "Sent Items" (UNSEEN)
>>> * STATUS "Sent Items" (UNSEEN 0)
<<< ZZZZ LOGOUT
>>> * BYE IMAP4rev1 Server terminating connection
*** <chuckcaldwell@eunitedlend
<<< 004G NOOP
>>> 004G OK NOOP Completed
<<< ZZZZ LOGOUT
>>> * BYE IMAP4rev1 Server terminating connection
Connected
>>> * OK Merak 8.3.5 IMAP4rev1 Tue, 24 Jan 2006 17:43:13 -0600
<<< 001P CAPABILITY
<<< 001Q LOGIN xx@xx.com *********
>>> 001Q OK LOGIN Completed
<<< 001R LSUB "" "*"
>>> 001R OK LSUB Completed
<<< 001S STATUS "Deleted Items" (UNSEEN)
>>> * STATUS "Deleted Items" (UNSEEN 0)
<<< 001T STATUS "Drafts" (UNSEEN)
>>> * STATUS "Drafts" (UNSEEN 0)
<<< 001U STATUS "Sent Items" (UNSEEN)
>>> * STATUS "Sent Items" (UNSEEN 0)
<<< ZZZZ LOGOUT
>>> * BYE IMAP4rev1 Server terminating connection
Connected
>>> * OK Merak 8.3.5 IMAP4rev1 Tue, 24 Jan 2006 17:43:13 -0600
<<< 001K CAPABILITY
<<< 001L LOGIN xx@xx.com *********
>>> 001L OK LOGIN Completed
<<< 001N LIST "" ""
>>> * LIST (\Noselect) "/" ""
<<< 001O SELECT "INBOX"
<<< 001V UID FETCH 308:* (UID FLAGS RFC822.SIZE BODY.PEEK[HEADER] INTERNALDATE)
>>> 001V OK UID FETCH Completed
<<< 001W UID FETCH 1:307 (UID FLAGS)
>>> 001W OK UID FETCH Completed
<<< 001X UID FETCH 308 (UID FLAGS BODY.PEEK[] INTERNALDATE)
>>> 001X OK UID FETCH Completed
<<< 001Y UID STORE 308 FLAGS ()
>>> 001Y OK UID STORE Completed
<<< 001Z UID FETCH 309 (UID FLAGS BODY.PEEK[] INTERNALDATE)
>>> 001Z OK UID FETCH Completed
<<< 0020 UID STORE 309 FLAGS ()
>>> 0020 OK UID STORE Completed
<<< 0021 UID FETCH 310 (UID FLAGS BODY.PEEK[] INTERNALDATE)
>>> 0021 OK UID FETCH Completed
<<< 0022 UID STORE 310 FLAGS ()
>>> 0022 OK UID STORE Completed
<<< 0023 UID FETCH 311 (UID FLAGS BODY.PEEK[] INTERNALDATE)
>>> 0023 OK UID FETCH Completed
<<< 0024 UID STORE 311 FLAGS ()
>>> 0024 OK UID STORE Completed
<<< 0025 UID FETCH 312 (UID FLAGS BODY.PEEK[] INTERNALDATE)
>>> 0025 OK UID FETCH Completed
<<< 0026 UID STORE 312 FLAGS ()
>>> 0026 OK UID STORE Completed
<<< 0027 UID FETCH 313 (UID FLAGS BODY.PEEK[] INTERNALDATE)
>>> 0027 OK UID FETCH Completed
<<< 0028 UID STORE 313 FLAGS ()
>>> 0028 OK UID STORE Completed
<<< 0029 UID FETCH 314 (UID FLAGS BODY.PEEK[] INTERNALDATE)
>>> 0029 OK UID FETCH Completed
<<< 002A UID STORE 314 FLAGS ()
>>> 002A OK UID STORE Completed
<<< 002B UID FETCH 315 (UID FLAGS BODY.PEEK[] INTERNALDATE)
>>> 002B OK UID FETCH Completed
<<< 002C UID STORE 315 FLAGS ()
>>> 002C OK UID STORE Completed
<<< 002D UID FETCH 316 (UID FLAGS BODY.PEEK[] INTERNALDATE)
>>> 002D OK UID FETCH Completed
<<< 002E UID STORE 316 FLAGS ()
>>> 002E OK UID STORE Completed
<<< 002F UID FETCH 317 (UID FLAGS BODY.PEEK[] INTERNALDATE)
>>> 002F OK UID FETCH Completed
<<< 002G UID STORE 317 FLAGS ()
>>> 002G OK UID STORE Completed
<<< 002H UID FETCH 318 (UID FLAGS BODY.PEEK[] INTERNALDATE)
>>> 002H OK UID FETCH Completed
<<< 002I UID STORE 318 FLAGS ()
>>> 002I OK UID STORE Completed
<<< 002J UID FETCH 319 (UID FLAGS BODY.PEEK[] INTERNALDATE)
>>> 002J OK UID FETCH Completed
<<< 002K UID STORE 319 FLAGS ()
>>> 002K OK UID STORE Completed
<<< 002L UID FETCH 320 (UID FLAGS BODY.PEEK[] INTERNALDATE)
>>> 002L OK UID FETCH Completed
<<< 002M UID STORE 320 FLAGS ()
>>> 002M OK UID STORE Completed
<<< 002N UID FETCH 321 (UID FLAGS BODY.PEEK[] INTERNALDATE)
>>> 002N OK UID FETCH Completed
<<< 002O UID STORE 321 FLAGS ()
>>> 002O OK UID STORE Completed
<<< 002P UID FETCH 322 (UID FLAGS BODY.PEEK[] INTERNALDATE)
>>> 002P OK UID FETCH Completed
<<< 002Q UID STORE 322 FLAGS ()
>>> 002Q OK UID STORE Completed
<<< 002R UID FETCH 323 (UID FLAGS BODY.PEEK[] INTERNALDATE)
>>> 002R OK UID FETCH Completed
<<< 002S UID STORE 323 FLAGS ()
>>> 002S OK UID STORE Completed
<<< 002T UID FETCH 324 (UID FLAGS BODY.PEEK[] INTERNALDATE)
>>> 002T OK UID FETCH Completed
<<< 002U UID STORE 324 FLAGS ()
>>> 002U OK UID STORE Completed
<<< 002V UID FETCH 325 (UID FLAGS BODY.PEEK[] INTERNALDATE)
>>> 002V OK UID FETCH Completed
<<< 002W UID STORE 325 FLAGS ()
>>> 002W OK UID STORE Completed
<<< 002X UID FETCH 326 (UID FLAGS BODY.PEEK[] INTERNALDATE)
>>> 002X OK UID FETCH Completed
<<< 002Y UID STORE 326 FLAGS ()
>>> 002Y OK UID STORE Completed
<<< 002Z UID FETCH 327 (UID FLAGS BODY.PEEK[] INTERNALDATE)
>>> 002Z OK UID FETCH Completed
<<< 0030 UID STORE 327 FLAGS ()
>>> 0030 OK UID STORE Completed
<<< 0031 UID FETCH 328 (UID FLAGS BODY.PEEK[] INTERNALDATE)
>>> 0031 OK UID FETCH Completed
<<< 0032 UID STORE 328 FLAGS ()
>>> 0032 OK UID STORE Completed
<<< 0033 UID FETCH 329 (UID FLAGS BODY.PEEK[] INTERNALDATE)
>>> 0033 OK UID FETCH Completed
<<< 0034 UID STORE 329 FLAGS ()
>>> 0034 OK UID STORE Completed
<<< 0035 UID FETCH 330 (UID FLAGS BODY.PEEK[] INTERNALDATE)
>>> 0035 OK UID FETCH Completed
<<< 0036 UID STORE 330 FLAGS ()
>>> 0036 OK UID STORE Completed
<<< 0037 NOOP
>>> 0037 OK NOOP Completed
<<< 003D NOOP
>>> 003D OK NOOP Completed
Connected
>>> * OK Merak 8.3.5 IMAP4rev1 Tue, 24 Jan 2006 17:44:10 -0600
<<< 003F CAPABILITY
<<< 003G LOGIN xx@xx.com *********
>>> 003G OK LOGIN Completed
<<< 003I LSUB "" "*"
>>> 003I OK LSUB Completed
<<< 003K STATUS "Deleted Items" (UNSEEN)
>>> * STATUS "Deleted Items" (UNSEEN 0)
<<< 003L STATUS "Drafts" (UNSEEN)
>>> * STATUS "Drafts" (UNSEEN 0)
<<< 003M STATUS "Sent Items" (UNSEEN)
>>> * STATUS "Sent Items" (UNSEEN 0)
<<< ZZZZ LOGOUT
>>> * BYE IMAP4rev1 Server terminating connection
*** <chuckcaldwell@eunitedlend
<<< 004G NOOP
>>> 004G OK NOOP Completed
<<< ZZZZ LOGOUT
>>> * BYE IMAP4rev1 Server terminating connection
Connected
>>> * OK Merak 8.3.5 IMAP4rev1 Tue, 24 Jan 2006 17:43:13 -0600
<<< 001P CAPABILITY
<<< 001Q LOGIN xx@xx.com *********
>>> 001Q OK LOGIN Completed
<<< 001R LSUB "" "*"
>>> 001R OK LSUB Completed
<<< 001S STATUS "Deleted Items" (UNSEEN)
>>> * STATUS "Deleted Items" (UNSEEN 0)
<<< 001T STATUS "Drafts" (UNSEEN)
>>> * STATUS "Drafts" (UNSEEN 0)
<<< 001U STATUS "Sent Items" (UNSEEN)
>>> * STATUS "Sent Items" (UNSEEN 0)
<<< ZZZZ LOGOUT
>>> * BYE IMAP4rev1 Server terminating connection
ASKER
Hey Miguel-
I need to know what action is occuring as a result of each line of commands. Such as >>> * LIST (\Noselect) "/" "" - from my reading this means the user is requesting a list of the files in the mailbox, like Inbox or Sent Items. But I don't understand the arguments after LIST. Sames way with >>> * STATUS "Sent Items" (UNSEEN 0), does this mean the user wants to see the flags on the Sent Items and what does (UNSEEN 0) mean. I really don't understand what action is taking place as a result of each line in the log listing. Hope this makes things clearer.
Brent
I need to know what action is occuring as a result of each line of commands. Such as >>> * LIST (\Noselect) "/" "" - from my reading this means the user is requesting a list of the files in the mailbox, like Inbox or Sent Items. But I don't understand the arguments after LIST. Sames way with >>> * STATUS "Sent Items" (UNSEEN 0), does this mean the user wants to see the flags on the Sent Items and what does (UNSEEN 0) mean. I really don't understand what action is taking place as a result of each line in the log listing. Hope this makes things clearer.
Brent
Hi brentock.
Here's a good guide with all commands :
http://www.networksorcery.com/enp/rfc/rfc3501.txt
Miguel
Here's a good guide with all commands :
http://www.networksorcery.com/enp/rfc/rfc3501.txt
Miguel
ASKER
Yes I have read the RFC's, but the arguments are still not clear to me. My experience is in computer forensic analysis and network administration; I have no experience in progamming or IMAP. This report was due last week and I just need someone to interpret the log now - learning the details of IMAP will have to wait for another day.
Thank you,
Brent Davis
Thank you,
Brent Davis
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I'm going to close this question and give you the points, even though you only pointed out what I already knew and that I had already said I didn't understand.
ASKER
Also clearly no one else is interested in participating.
But what are the question ? What do you want to know ?
Miguel