Ask the Expert

How can I monitor SMTP traffic coming from all machines?

As a consultant called to evaluate why the mail host for a domain noticed a threefold increase in outgoing traffic, I went to network monitor (inside their firewall) to identify the offending machine. Is there a way to monitor just SMTP traffic coming from all machines? I was able to identify the offending machines through the router interface but both were clean using both McAfee (they have a Sonic Wall firewall) and Symantec online scanning for viruses. The worrries don't stop there because they use VOIP for the phone system.

    Requires Free Membership to View

Windows NT and 2000 Server come with a built-in Network Monitor application that will allow you to capture and analyze network packets based on specific filter criteria. However, the native utility will only analyze packets that are sent to or from the local computer. To perform analysis on an enterprise network you will need an additional utility such as Systems Management Server or another third-party application - HP Openview, Unicenter TNG or the like.

If your client is already using a firewall, I wouldn't be surprised if the firewall itself possessed some description of monitoring software that might potentially meet your needs in this situation. It's certainly worth investigating in the interests of saving money and not having to re-invent the wheel.

This was first published in June 2002

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: