08-24-2007 06:27 AM - edited 03-03-2019 06:27 PM
Hi
I need to view SMTP traffic that is passing through my Cisco router that connects to the internet.
The problem is that I don't know which command to use to view the SMTP traffic or any additional config that has to be done.
Could you please assist?
Thank you
08-24-2007 08:20 AM
You can configure an access-list with a log option on your outgoing/incoming interface. Depending upon your platform, NetFlow is another option.
Thanks.
08-24-2007 08:32 AM
Are you trying to see how much SMTP traffic is going through your router or be able to actually READ the SMTP email being sent?
The only way to actually read the emails is to capture the full packet (span the port or in-line sniffer).
08-25-2007 08:13 AM
I just want to see if SMTP traffic is going in or out of my router, not to read the mail being sent.
08-25-2007 09:23 AM
I suggest you enable
ip nbar protocol-discovery on the egress interface
http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cr/hqos_r/qos_i1h.htm#wp1096745
An access-list with the log option would also do the job, but the drawback with this solution is that packets will be process switched (causing some CPU utilization) instead of fast switched.
08-27-2007 12:46 AM
Another option is to enable ip cache flow on the interface where you want to monitor.
show ip cache flow.
You will then be able to see the TCP flows, including SMTP,
with the command show ip cache flow
08-27-2007 01:15 AM
Hi
In case you are looking for specific info regarding SMTP traffic in some particular time frame, then you can check it on the router as suggested by ananramapathy.
Enable ip cache on the interface by "ip route-cache flow" and then capture the traffic by "show ip cache flow | include 'concerned parameter'".
Now this 'concerned parameter' can be the source IP or destination IP, or if you want to see the whole SMTP traffic then it has to be captured by port number in "hexadecimal", so it will be like this:
"show ip cache flow | i 19"
SMTP port number :- 25 , 19 in HEX
But this will also include other results which have "19" even in the IP address :) so lots of manual filtering work (check for "19" under the DstP column).
Better to go for a NetFlow monitor, divert the NetFlow traffic to an external monitor and do the analysis.
HTH
rgds
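
The DstP-column check described in the post above, as an added example that is not part of the original thread: a small Python parser for saved `show ip cache flow` output that matches port 25 (hex 0019) only in the port columns, so addresses containing "19" are not picked up. The sample text is constructed (documentation address ranges), and the function names are hypothetical.

```python
import re

# Constructed sample in the column layout of `show ip cache flow` flow records.
# Pr, SrcP and DstP are hexadecimal; addresses are documentation ranges.
SAMPLE = """\
SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr SrcP DstP  Pkts
Fa0/0         192.0.2.19      Se0/0         198.51.100.7    06 C1A3 0050    42
Fa0/0         192.0.2.10      Se0/0         203.0.113.25    06 C2B4 0019    12
Se0/0         203.0.113.25    Fa0/0         192.0.2.10      06 0019 C2B4     9
Fa0/0         192.0.2.33      Se0/0         198.51.100.53   11 D019 0035     3
"""

FLOW_RE = re.compile(
    r"^(\S+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)\s+(\d+\.\d+\.\d+\.\d+)\s+"
    r"([0-9A-Fa-f]{2})\s+([0-9A-Fa-f]{4})\s+([0-9A-Fa-f]{4})\s+(\S+)\s*$"
)
TCP, SMTP = 6, 25


def parse_flows(text):
    """Turn flow-record lines into dicts; header and summary lines are skipped."""
    flows = []
    for line in text.splitlines():
        m = FLOW_RE.match(line.strip())
        if m:
            src_if, src_ip, dst_if, dst_ip, pr, sp, dp, pkts = m.groups()
            flows.append({"src_if": src_if, "src_ip": src_ip, "dst_if": dst_if,
                          "dst_ip": dst_ip, "proto": int(pr, 16),
                          "sport": int(sp, 16), "dport": int(dp, 16), "pkts": pkts})
    return flows


def smtp_flows(flows):
    """Keep TCP flows with port 25 on either side and label the direction."""
    hits = []
    for f in flows:
        if f["proto"] != TCP:
            continue
        if f["dport"] == SMTP:
            hits.append(("to-smtp-server", f))
        elif f["sport"] == SMTP:
            hits.append(("from-smtp-server", f))
    return hits


def naive_match_count(text, needle="19"):
    """What `| include 19` would return: every line containing the substring."""
    return sum(1 for line in text.splitlines() if needle in line)


if __name__ == "__main__":
    for direction, f in smtp_flows(parse_flows(SAMPLE)):
        print(direction, f["src_ip"], "->", f["dst_ip"], "pkts", f["pkts"])
    print("lines matched by plain '19':", naive_match_count(SAMPLE))
```

On the constructed sample, the plain substring match returns every flow line, while the column-aware filter returns only the two TCP flows that actually involve port 25.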