Hi, One of our PC which is running on REDHat is sending SMTP packets to the firewall. Though the firewall drops the packet, it logs the same. We wanted to know :
1. IF we have to run a packet capture tool, where do we run ? - on the firewall or the PC ?
2. We ran network monitoring tool, but did not find any service / application on the rouge PC that is sending smtp packets. How do I trace back to the service / application ?
Thanks in advance