view smtp traffic

akobwaycct
Level 1

Hi

I need to view SMTP traffic that is passing through my Cisco router that connects to the internet.

The problem is that I don't know which command to use to view the SMTP traffic or any additional config that has to be done.

Could you please assist?

Thank you

2 Accepted Solutions

I suggest you enable

ip nbar protocol-discovery on the egress interface

http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cr/hqos_r/qos_i1h.htm#wp1096745

An access-list with the log option would also do the job, but the drawback with this solution is that packets will be process switched (causing some CPU utilization) instead of fast switched.

Another option is to enable ip cache flow on the interface where you want to monitor.

show ip cache flow.

You will then be able to see the TCP flows including SMTP

by the command show ip cache flow

6 Replies

rais
Level 7

You can configure an access-list with a log option on your outgoing/incoming interface. Depending upon your platform, Netflow is another option.

Thanks.

avmabe
Level 3

Are you trying to see how much SMTP traffic is going through your router or be able to actually READ the SMTP email being sent?

The only way to actually read the emails is to capture the full packet (span the port or in-line sniffer).

I just want to see if SMTP traffic is going in or out of my router, not to read the mail being sent.

Hi

In case you are looking for specific info regarding SMTP traffic in some particular time frame, then you can check it on the router as suggested by ananramapathy.

Enable ip cache on the interface by "ip route-cache flow" and then capture the traffic by "show ip cache flow | include 'concerned parameter'"

Now this 'concerned parameter' can be source IP, destination IP, or if you want to see the whole SMTP traffic then it has to be captured by port number in "hexadecimal", so it will be like this

"show ip cache flow | i 19"

SMTP port number: 25, 19 in hex

But this will also include other results which have "19" even in the IP address :) so lots of manual filtering work (check for "19" under the DstP column).

Better to go for a netflow monitor, divert the netflow traffic to an external monitor and do the analysis.

HTH

rgds
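
An added example, not part of the thread and not Cisco code: a Python filter over saved "show ip cache flow" output that matches port 25 in the Pr/SrcP/DstP columns instead of the substring "19", which removes the manual filtering described in the last reply. The sample lines are constructed, and the column layout (hex protocol and ports) is assumed to be the classic IOS one.

```python
import re

# Constructed sample (not captured from a real router). Assumed classic IOS layout:
# SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Pkts, with Pr and ports in hex.
SAMPLE = """\
SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr SrcP DstP  Pkts
Fa0/0         192.168.1.10    Se0/0         203.0.113.25    06 C3A1 0019    14
Fa0/0         192.168.1.19    Se0/0         198.51.100.7    06 C4B2 0050     9
Se0/0         203.0.113.25    Fa0/0         192.168.1.10    06 0019 C3A1    11
Fa0/0         192.168.1.30    Se0/0         198.51.100.53   11 D019 0035     2
Fa0/0         192.168.1.40    Se0/0         203.0.113.80    06 C5C3 01BB   190
"""
SMTP_PORT, TCP = 25, 6  # shown as 0019 and 06 in the flow cache

FLOW_RE = re.compile(
    r"^(?P<src_if>\S+)\s+(?P<src_ip>\d+\.\d+\.\d+\.\d+)\s+"
    r"(?P<dst_if>\S+)\s+(?P<dst_ip>\d+\.\d+\.\d+\.\d+)\s+"
    r"(?P<pr>[0-9A-Fa-f]{2})\s+(?P<srcp>[0-9A-Fa-f]{4})\s+"
    r"(?P<dstp>[0-9A-Fa-f]{4})\s+(?P<pkts>\S+)$"
)

def parse_flows(text):
    """Yield one dict per flow line; header and summary lines do not match."""
    for line in text.splitlines():
        m = FLOW_RE.match(line.strip())
        if m:
            flow = m.groupdict()
            for key in ("pr", "srcp", "dstp"):
                flow[key] = int(flow[key], 16)  # hex column -> integer
            yield flow

def smtp_flows(text):
    """Return TCP flows that have port 25 in the SrcP or DstP column."""
    hits = []
    for f in parse_flows(text):
        if f["pr"] != TCP:
            continue
        if f["dstp"] == SMTP_PORT:
            hits.append(("to-server", f["src_ip"], f["dst_ip"], f["pkts"]))
        elif f["srcp"] == SMTP_PORT:
            hits.append(("from-server", f["src_ip"], f["dst_ip"], f["pkts"]))
    return hits

def naive_matches(text):
    """Lines a plain substring filter on "19" keeps, as `| i 19` would."""
    return [line for line in text.splitlines() if "19" in line]

if __name__ == "__main__":
    print(len(naive_matches(SAMPLE)), "lines contain '19';", smtp_flows(SAMPLE))
```

On the constructed sample the substring filter keeps every flow line, because each 192.x address contains "19", while the column match keeps only the two TCP port 25 flows.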
