Could someone please advise me on capturing outgoing port 25 traffic on our Internet IP address? We were placed on a couple of block lists, mostly cleared except for Outlook.com/Microsoft services. I have been capturing internal port 25 traffic just fine, where we look clean. I'd like to look at it from the "Internet side." I guess I need to do this remotely? Any assistance and with an example most appreciated. Thanks to the very helpful documentation and examples already out there I have been able to capture internal traffic, now just need the view from "outside." asked 18 May '14, 20:22  Neilrahc |
One Answer:
Inside or outside is usually just a difference in where you capture the data. If you need to capture packets on the outside you need to place your capture device on the port that connects you to your ISP. In most cases this is at the ISP router or on the outside of your own Firewall. answered 18 May '14, 23:53  Jasper ♦♦ |
Ok, thanks, that helps clarify. I wonder if I could do this remotely? I can at least ping that address.
Otherwise I could maybe put a switch between the company router and the ISP connection.
No you cannot do that remotely, because the outside packets will not be seen at the remote site - except for the answer packets of anything you sent (if you get an answer at all, depending on the firewall rules). My advice would be to put a switch between your company router and the ISP connection (if it is Ethernet, of course) and capture at the switch.