view smtp traffic

Answered Question
Aug 24th, 2007

Hi

I need to view SMTP traffic that is passing through my Cisco router that connects to the internet.

The problem is that I don't know which command to use to view the SMTP traffic, or any additional config that has to be done.

Could you please assist?

Thank you




rais Fri, 08/24/2007 - 08:20

You can configure an access-list with a log option on your outgoing/incoming interface. Depending upon your platform, NetFlow is another option.


Thanks.

avmabe Fri, 08/24/2007 - 08:32

Are you trying to see how much SMTP traffic is going through your router or be able to actually READ the SMTP email being sent?


The only way to actually read the emails is to capture the full packet (span the port or in-line sniffer).


akobwaycct Sat, 08/25/2007 - 08:13

I just want to see if SMTP traffic is going in or out of my router, not to read the mail being sent.

Correct Answer
Edison Ortiz Sat, 08/25/2007 - 09:23

I suggest you enable


ip nbar protocol-discovery on the egress interface


http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cr/hqos_r/qos_i1h.htm#wp1096745


An access-list with the log option would also do the job, but the drawback with this solution is that packets will be process switched (causing some CPU utilization) instead of fast switched.

Correct Answer
anandramapathy Mon, 08/27/2007 - 00:46

Another option is to enable ip cache flow on the interface where you want to monitor.

show ip cache flow

You will then be able to see the TCP flows, including SMTP, by the command show ip cache flow

rajatsetia Mon, 08/27/2007 - 01:15

Hi


In case you are looking for specific info regarding SMTP traffic in some particular time frame, then you can check it on the router as suggested by anandramapathy.

Enable the IP cache on the interface with "ip route-cache flow" and then capture the traffic with "show ip cache flow | include 'concerned parameter'".

Now this 'concerned parameter' can be the source IP or destination IP, or if you want to see the whole SMTP traffic then it has to be captured by port number in hexadecimal, so it will be like this:

"show ip cache flow | i 19"

SMTP port number: 25, 19 in hex

But this will also include other results which have "19" even in the IP address :) so lots of manual filtering work (check for "19" under the DstP column).

Better to go for a NetFlow monitor: divert the NetFlow traffic to an external monitor and do the analysis.


HTH


rgds
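
The manual "check under the DstP column" step from the post above, as an added example that is not part of the original thread: it parses saved show ip cache flow text by column and compares the result with what a plain substring match on "19" keeps. The sample rows are constructed, and the eight-column layout (SrcIf, SrcIPaddress, DstIf, DstIPaddress, Pr, SrcP, DstP, Pkts) and the function names are assumptions.

```python
# Added example: pick SMTP flows out of 'show ip cache flow' text by column.
SMTP_PORT = 25  # 0x19; the flow cache prints ports in hexadecimal

# Constructed sample (documentation address ranges). Assumed column layout:
# SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Pkts
SAMPLE = """\
SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr SrcP DstP  Pkts
Fa0/0         192.0.2.19      Se0/0         198.51.100.7    06 C350 0050    14
Fa0/0         192.0.2.10      Se0/0         203.0.113.25    06 C1A2 0019    12
Se0/0         203.0.113.25    Fa0/0         192.0.2.10      06 0019 C1A2     9
Fa0/0         192.0.2.44      Se0/0         198.51.100.19   11 0035 0035     2
"""


def parse_flows(text):
    """Return one dict per flow row; headers and summary lines are skipped."""
    flows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or f[0] == "SrcIf":
            continue
        try:
            proto, sport, dport = (int(x, 16) for x in f[4:7])
        except ValueError:
            continue  # not a flow row
        flows.append({"src_if": f[0], "src": f[1], "dst_if": f[2], "dst": f[3],
                      "proto": proto, "sport": sport, "dport": dport, "pkts": f[7]})
    return flows


def smtp_flows(flows, port=SMTP_PORT):
    """TCP flows with the port on either side, tagged by direction."""
    hits = []
    for fl in flows:
        if fl["proto"] != 6:  # 0x06 = TCP
            continue
        if fl["dport"] == port:
            hits.append(("to-server", fl))
        elif fl["sport"] == port:
            hits.append(("from-server", fl))
    return hits


def naive_matches(text, needle="19"):
    """What '| i 19' would keep: any line containing the substring."""
    return [l for l in text.splitlines() if needle in l]


if __name__ == "__main__":
    for direction, fl in smtp_flows(parse_flows(SAMPLE)):
        print(direction, fl["src"], "->", fl["dst"], "pkts", fl["pkts"])
    print("substring filter kept", len(naive_matches(SAMPLE)), "lines")
```

On the constructed sample the substring filter keeps all four flow rows, because every 192.x address contains "19", while the column filter keeps only the two TCP rows with port 0019.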
