Building an SMTP Testing Lab with Telnet and Wireshark

For network and systems engineers, there is real value in understanding how SMTP behaves at protocol level. A lightweight SMTP lab helps validate mail flow, observe server responses, and teach protocol fundamentals in a controlled environment.

This post shows how to build a simple SMTP testing workflow using Telnet for manual interaction and Wireshark for packet inspection.

Lab Goal

The objective is to observe a basic SMTP session from connection to message submission, including:

• Server banner
• EHLO response
• MAIL FROM / RCPT TO / DATA sequence
• Traffic capture in Wireshark

Lab Components

• A test SMTP server or sandbox mail service
• A client machine with Telnet installed
• Wireshark for packet capture

For learning purposes, use a lab or non-production environment. Do not test systems you do not own or administer.

Step 1 – Connect to the SMTP Server

Open a terminal and connect to port 25:

telnet mailserver.example.com 25

Typical banner:

220 mailserver.example.com ESMTP Postfix

The banner confirms the SMTP service is reachable and often reveals the mail software in use.

Step 2 – Send EHLO

After connection, type:

EHLO lab.local

Typical response:

250-mailserver.example.com
250-PIPELINING
250-SIZE 52428800
250-STARTTLS
250-AUTH LOGIN PLAIN
250 HELP

This response shows the capabilities the server exposes to the client.

Step 3 – Simulate Basic Mail Submission

Use a simple SMTP transaction:

MAIL FROM:<[email protected]>
RCPT TO:<[email protected]>
DATA
Subject: SMTP Lab Test

This is a test message from the SMTP lab.
.
QUIT

The single period on a line by itself ends the message body.

Step 4 – Capture the Session in Wireshark

Open Wireshark before starting the Telnet session and capture on the correct network interface.

Useful display filters:

smtp
tcp.port == 25
ip.addr == x.x.x.x

Now you can see each SMTP command and server response in order.

What to Observe in Wireshark

• TCP three-way handshake
• SMTP banner from the server
• EHLO and supported extensions
• MAIL FROM and RCPT TO commands
• DATA section and message termination
• Session closure with QUIT

This is a good way to teach protocol sequencing and application-layer behavior over TCP.

Why This Lab Matters

In enterprise operations, SMTP troubleshooting is still relevant for:

• Mail relay issues
• Submission failures
• TLS negotiation problems
• Authentication troubleshooting
• Firewall or filtering validation

A simple Telnet-based exercise provides clarity that GUI tools often hide.

Defensive Engineering Value

From a security perspective, this lab helps identify:

• Excessive banner disclosure
• Weak or legacy AUTH methods
• Missing STARTTLS support
• Protocol handling issues

That makes it useful not only for learning but also for baseline validation.

Conclusion

A basic SMTP lab with Telnet and Wireshark remains one of the simplest and most effective ways to understand mail protocol behavior. It is low-cost, transparent, and highly practical for engineers and trainees.