
NRose8989

macrumors 6502a
Original poster
Feb 6, 2008
This may seem a little fishy but my intentions are strictly academic. (haha seriously though)

I was wondering if someone knows of a tool that can monitor SMTP traffic out of a specific (remote) IP?

The class I'm taking is about secure coding. My final project is about information disclosure, specifically transferring information over an unsecured method, i.e. email.

My intent for the project is to build a proof of concept by building a quick web app on a development server provided by my school, then use the tool to monitor the traffic out of my test server, then present my finding to the class.

Any help?

Thanks

BTW sorry if this is in the wrong category, I just thought this was more along the lines of a programming sense than anything else.
 
You will need to have physical access to the packets, meaning you need to either be on the SMTP server or a machine that is directly connected to the network of the SMTP server. Usually the server is connected to a network switch. Some network switches support "port mirroring" which could let one copy packets seen on one port to another. Then you can put your sniffing machine on that other port. I'm guessing that you don't have access to either of these if you're calling the SMTP server "remote".

However, if you have physical access to the packets, a low-level tool for looking at packets is tcpdump. It is not going to parse the packet payload of the email message, but it will parse the TCP/IP headers.

If you want to write your own packet sniffer, you can use the libpcap library. This is what tcpdump uses. You will need root-level privileges to do packet sniffing.

By the way, writing such a tool has nothing to do with a web application, but you could use a web application to display the information disclosed.
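The reply above notes that tcpdump decodes the TCP/IP headers but not the mail payload. As an added example (not part of either post), this Python sketch reads a classic pcap file such as one saved with `tcpdump -w` on your own test server, steps past the Ethernet, IPv4 and TCP headers, and lists the SMTP lines the client sent before any STARTTLS. It assumes an Ethernet capture of a single session with segments in order; the function names and the sample session are constructed for illustration.

```python
import struct

def tcp_payloads(pcap, port=25):
    """Yield (sport, dport, data) for IPv4/TCP segments on `port` in a classic pcap file."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if order is None or len(pcap) < 24 or struct.unpack(order + "I", pcap[20:24])[0] != 1:
        raise ValueError("need a classic pcap file with Ethernet link type")
    off = 24                                        # skip the 24-byte global header
    while off + 16 <= len(pcap):
        incl_len = struct.unpack_from(order + "I", pcap, off + 8)[0]
        frame, off = pcap[off + 16:off + 16 + incl_len], off + 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                                # not IPv4 carrying TCP
        ihl, total = (frame[14] & 0x0F) * 4, struct.unpack_from("!H", frame, 16)[0]
        tcp = frame[14 + ihl:14 + total]            # IP total length drops Ethernet padding
        if len(tcp) < 20:
            continue
        sport, dport = struct.unpack("!HH", tcp[:4])
        data = tcp[(tcp[12] >> 4) * 4:]             # skip TCP header and options
        if port in (sport, dport) and data:
            yield sport, dport, data

def cleartext_lines(pcap):
    """Client-to-server SMTP lines sent before any STARTTLS command."""
    lines = []
    for _sport, dport, data in tcp_payloads(pcap):
        if dport != 25:
            continue
        for line in data.decode("latin-1").splitlines():
            if line.upper().startswith("STARTTLS"):
                return lines                        # what follows is TLS, not readable text
            if line:
                lines.append(line)
    return lines

def make_frame(sport, dport, payload):
    """Constructed sample record: Ethernet + IPv4 + TCP, checksums left at zero."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x18, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 25]))
    eth = b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip + tcp
    return struct.pack("<IIII", 0, 0, len(eth), len(eth)) + eth

PCAP_HDR = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
SAMPLE = PCAP_HDR + b"".join([                      # constructed session without TLS
    make_frame(25, 40000, b"220 mail.example.test ESMTP\r\n"),
    make_frame(40000, 25, b"EHLO app.example.test\r\nMAIL FROM:<app@example.test>\r\n"),
    make_frame(40000, 25, b"Subject: reset\r\n\r\nTemporary password: Example123\r\n.\r\n"),
])
```

Calling `cleartext_lines(SAMPLE)` returns every line of the constructed message, which is the disclosure a class demo would show; a session that issues STARTTLS right after EHLO yields only the EHLO line.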
 