hey Chris, thanks for the reply. >"tcpflow" will capture the ethernet stream (free). Also Net Tool Box (I >forget if you can use the Traffic Watcher function for free). Neither >separate streams like Anarchie/Interarchy used to do.
here's the tcpflow output using the command 'sudo tcpflow -c port 25'. I tried looking at all the traffic but there was way too much noise: x.x.x.x = mail server ip anon.domain.com = mail server domain name y.y.y.y = fixed ip at home ----tcpflow start x.x.x.x.00025-192.168.181.083.49452: 220 anon.domain.com ESMTP Sendmail 8.11.6/8.11.6; Thu, 4 Sep 2003 13:58:03 +0100 192.168.181.083.49452-x.x.x.x.00025: EHLO [192.168.181.83] x.x.x.x.00025-192.168.181.083.49452: 250-anon.domain.com Hello [y.y.y.y], pleased to meet you 250-ENHANCEDSTATUSCODES 250-8BITMIME 250-SIZE 250-DSN 250-ONEX 250-ETRN 250-XUSR 250-AUTH LOGIN PLAIN 250 HELP 192.168.181.083.49452-x.x.x.x.00025: AUTH PLAIN AGFkYW1AbGltYm9tZWRpYS5jb20ATXJVNFk3bEo= x.x.x.x.00025-192.168.181.083.49452: 500 5.7.0 authentication failed ----tcpflow end This doesn't mean an awful lot to me, I hope you guys can shed some light. Thanks again for the time, adam ---------------------------------- adam child limbomedia ltd. e-mail: [EMAIL PROTECTED] web: http://www.limbomedia.com
