SMTP traffic analysis

SOLVED
paulreveco
Comes here often

SMTP traffic analysis

  • We want to analyze the SMTP traffic, but there are differences in the amount of traffic per port and application, on the other hand, understand why the filter is typified as ports 25+.
    Rule details: Ports - Host-based email (ports 25+) >>> This shows more traffic than the application.
    Rule details: Applications - Host-based email (POP3 / IMAP / SMTP)

 

paulreveco_2-1631809841830.png

 

paulreveco_1-1631809741413.png

 

 

 

 

1 ACCEPTED SOLUTION
Brash
Building a reputation

The "Host-based email" rule shows "Ports 25+" because it includes multiple ports:

 - POP3 (Ports 110,995)
 - IMAP (Ports 143,993)
 - SMTP (Ports 25,465) 

 

There may be more that I've missed but the main point is that there are multiple ports it is classifying.

 

The "Windows file sharing" rule has a similar name and multiple port classification.

However, for this rule, it lists the ports under the name.

 

Windows File Sharing.PNG

 

 

View solution in original post

1 REPLY 1
Brash
Building a reputation

The "Host-based email" rule shows "Ports 25+" because it includes multiple ports:

 - POP3 (Ports 110,995)
 - IMAP (Ports 143,993)
 - SMTP (Ports 25,465) 

 

There may be more that I've missed but the main point is that there are multiple ports it is classifying.

 

The "Windows file sharing" rule has a similar name and multiple port classification.

However, for this rule, it lists the ports under the name.

 

Windows File Sharing.PNG

 

 

View solution in original post

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels