Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

view smtp traffic

hie

i need to view smtp traffic that is passing through my cisco router that connects to the internet.

the problem is that i don know which command to use to view the smtp traffic or any additional config that has to be done.

could you please assist

thank you

2 ACCEPTED SOLUTIONS

Accepted Solutions
Hall of Fame Super Bronze

Re: view smtp traffic

I suggest you enable

ip nbar protocol-discovery on the egress interface

http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cr/hqos_r/qos_i1h.htm#wp1096745

An access-list with the log option would also do the job but the drawback with this solution is that packet will be process switched (causing some CPU utilization) instead of fast switched.

Re: view smtp traffic

Another option is enable ip cache flow on the interface wher you want to monitor.

show ip cache flow.

You will then be able to see teh TCP flows including SMTP

by the command show ip cache flow

6 REPLIES
Silver

Re: view smtp traffic

You can configure an access-list with a log option on your outgoing/incoming interface. Depending upon you platform Netflow is another option.

Thanks.

Bronze

Re: view smtp traffic

Are you trying to see how much SMTP traffic is going through your router or be able to actually READ the SMTP email being sent?

The only way to actually read the emails is to capture the full packet (span the port or in-line sniffer).

New Member

Re: view smtp traffic

i just want to see if smtp traffic is goin in or out of my router not to read the mail being sent.

Hall of Fame Super Bronze

Re: view smtp traffic

I suggest you enable

ip nbar protocol-discovery on the egress interface

http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cr/hqos_r/qos_i1h.htm#wp1096745

An access-list with the log option would also do the job but the drawback with this solution is that packet will be process switched (causing some CPU utilization) instead of fast switched.

Re: view smtp traffic

Another option is enable ip cache flow on the interface wher you want to monitor.

show ip cache flow.

You will then be able to see teh TCP flows including SMTP

by the command show ip cache flow

Bronze

Re: view smtp traffic

Hi

In case you are looking for a specific info regarding smtp traffic at some particualr time frame then you can check it on the router as suggested by ananramapathy.

enable ip cache on the interface by " ip route-cache flow" and then capture the traffic by "show ip cache flow | include 'concerned parameter' "

Now this 'concerned parameter' can be source ip destination ip or if you want to see whole smtp traffic then it has to be captured by port number in "hexadecimal" so it will be like this

"show ip cache flow | i 19"

SMTP port number :- 25 , 19 in HEX

but this will also include other results which have "19" even in the IP Address :) so lots of manual filtering work (check for "19" under DstP column)

better go for netflow monitor and divert the netflow traffic to external monitor and do the analyses.

HTH

rgds

1140
Views
5
Helpful
6
Replies