New Member

Capture internal smtp traffic

ISP reports spam from IP and it appears to be a virus sending spam. Please advise on creating a temporary access list to capture internal SMTP attempts.

3 REPLIES
New Member

Re: Capture internal smtp traffic

Hi,

If it's going through a PIX, check out:

http://www.cisco.com/en/US/products/ps6120/products_command_reference_chapter09186a00805fd87a.html#wp1950270

In which case you could do something like this:

access-list smtp-watch permit tcp any any eq smtp

capture captest access-list smtp-watch packet-length [length] interface [interface to watch]

Good luck,

Glen

Silver

Re: Capture internal smtp traffic

You can then view the capture via the CLI using sho capture captest OR (better option) you can download the capture from your PIX/ASA using the following URL:

https://192.168.1.1/capture/captest/pcap

where 192.168.1.1 = IP and captest = name of capture

By putting pcap at the end of the URL it downloads the capture in PCAP format which allows you to view it using Ethereal. I highly recommend this if you have the time.

If this helps, please rate.

Cheers.

Jay

New Member

Re: Capture internal smtp traffic

Both suggestions worked great, Thanks!
