Tcpdump command to monitor the SMTP activity from an IP or range of IPs.

tcpdump is a useful utility for monitoring network activity on a server.
You can monitor SMTP activity to find the mail account a spammer is using.

tcpdump -i eth0 -n -s 2048 -w smtp.tcpdump 'tcp port 25 and (src 192.168.1.4 or dst 192.168.1.4)'

The above command captures SMTP traffic (TCP port 25) to and from the IP address 192.168.1.4 and writes it to the file smtp.tcpdump. The -s 2048 option keeps up to 2048 bytes of each packet.

Use the following command to monitor a range of IPs:

tcpdump -i eth0 -n -s 2048 -w smtp.tcpdump 'tcp port 25 and (src net 219.91.0.0/16 or dst net 219.91.0.0/16)'

The above command captures SMTP traffic for the range of IPs starting with 219.91. You can use less or Wireshark to analyze the dump file. Replace eth0 with your own network device, e.g. venet0:0 on a VPS.
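To get from the dump file to the sending accounts, the following added example (not part of the original post) parses a classic pcap file as written by tcpdump -w and counts SMTP MAIL FROM addresses per client IP. It assumes an Ethernet capture and unencrypted SMTP on port 25 (nothing is readable after STARTTLS); the function names and the sample capture are constructed for illustration.

```python
import struct
from collections import Counter

def smtp_senders(pcap):
    """Count (client IP, MAIL FROM address) pairs in a classic pcap capture."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None:
        raise ValueError("not a classic microsecond pcap file")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    counts, pos = Counter(), 24
    while pos + 16 <= len(pcap):
        incl_len = struct.unpack(endian + "I", pcap[pos + 8:pos + 12])[0]
        frame = pcap[pos + 16:pos + 16 + incl_len]
        pos += 16 + incl_len
        if len(frame) < 54 or frame[12:14] != b"\x08\x00":
            continue                      # not IPv4, or too short for IP + TCP
        ip = frame[14:14 + struct.unpack("!H", frame[16:18])[0]]
        ihl = (ip[0] & 0x0F) * 4
        if ip[9] != 6 or len(ip) < ihl + 20:
            continue                      # not TCP
        tcp = ip[ihl:]
        if struct.unpack("!H", tcp[2:4])[0] != 25:
            continue                      # keep client-to-server SMTP only
        payload = tcp[(tcp[12] >> 4) * 4:]
        src = ".".join(map(str, ip[12:16]))
        for line in payload.split(b"\r\n"):
            if line[:10].upper() == b"MAIL FROM:":
                addr = line[10:].split(b">")[0].strip(b" <")
                counts[(src, addr.decode("ascii", "replace").lower())] += 1
    return counts

def _record(src, payload):
    """Build one constructed pcap record: Ethernet/IPv4/TCP to port 25."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes([203, 0, 113, 25]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 25, 0, 0, 0x50, 0x18, 65535, 0, 0)
    frame = b"\x00" * 12 + b"\x08\x00" + ip + tcp + payload
    return struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame

def sample_capture():
    """Constructed capture: two clients, one of them sending repeatedly."""
    msgs = [("192.168.1.4", b"MAIL FROM:<bulk@example.com> SIZE=900\r\n"),
            ("192.168.1.4", b"mail from:<bulk@example.com>\r\n"),
            ("192.168.1.7", b"MAIL FROM:<alice@example.com>\r\n"),
            ("192.168.1.4", b"RCPT TO:<x@example.net>\r\n")]
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 2048, 1)
    return header + b"".join(_record(src, data) for src, data in msgs)
```

To run it against a real capture, pass the file contents: smtp_senders(open("smtp.tcpdump", "rb").read()).most_common(10) lists the busiest client and sender pairs.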
