Tuesday, August 15, 2017

Symantec Messaging Gateway Packet Capture


Symantec Messaging Gateway version 10.6.x is part of the Symantec Endpoint Protection Suite.
 
Packet capture:
Running the tcpdump command
1.    Log in to the command line (via SSH with PuTTY, locally in the VM console, or with a directly connected monitor and keyboard) as admin.

2.    Run the command “set-support” and create a new password for the support account. (This account is automatically disabled after 7 days and can be re-enabled without knowing the password by re-running the command.)

3.    Log out by typing “exit”. (In a PuTTY session this will require that you reconnect.)

4.    Log in with the username “support” and the password you created.

5.    Run the “tcpdump” command.

Examples:

Capture only SMTP traffic (full packets, written to /tmp where diagnostics will pick the file up, with tcpdump dropping privileges to the support user):

    tcpdump -s 0 -i any -Z support -w /tmp/capture.cap tcp port 25

Gathering the Data to send to a support agent

Any files named *.cap in /tmp/ will be gathered when you run diagnostics.

If you run the diagnostics from the Control Center, you can download the file to your desktop.

OR

You can get the diagnostics by using WinSCP.

1. Download and install WinSCP (available for free from winscp.net).

2. Connect to the inbound IP of the appliance (protocol SCP, port 22) with the username support.

3. Browse to /tmp/ (or the path you directed the diagnostics to) to find the diagnostics file.

4. Copy it to your workstation.

5. You can use Wireshark to analyze the capture file.
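Before attaching a capture to a support case it is worth confirming that it actually contains SMTP traffic. The following script is an added example, not part of the original post or the appliance: it parses the pcap file that tcpdump writes and counts TCP packets on port 25. It assumes the capture was written with `-i any`, which on Linux uses the "cooked" (LINUX_SLL) link type rather than Ethernet, and handles both; the embedded sample capture is constructed in the script so it runs offline.

```python
"""Sanity-check a tcpdump capture (e.g. /tmp/capture.cap) for SMTP traffic."""
import struct

LINKTYPE_ETHERNET = 1
LINKTYPE_LINUX_SLL = 113   # link type tcpdump writes on Linux for `-i any`


def _ipv4_offset(pkt, linktype):
    """Return the offset of the IPv4 header inside a record, or None."""
    if linktype == LINKTYPE_ETHERNET and len(pkt) >= 14 and pkt[12:14] == b"\x08\x00":
        return 14
    if linktype == LINKTYPE_LINUX_SLL and len(pkt) >= 16 and pkt[14:16] == b"\x08\x00":
        return 16
    return None


def count_smtp_packets(pcap_bytes, port=25):
    """Return (total_packets, tcp_packets_on_port) for a classic pcap file."""
    magic = pcap_bytes[:4]
    if magic == b"\xd4\xc3\xb2\xa1":      # little-endian pcap (normal on x86)
        end = "<"
    elif magic == b"\xa1\xb2\xc3\xd4":    # big-endian pcap
        end = ">"
    else:
        raise ValueError("not a pcap file (bad magic number)")
    linktype = struct.unpack(end + "I", pcap_bytes[20:24])[0]
    off, total, smtp = 24, 0, 0
    while off + 16 <= len(pcap_bytes):    # each record: 16-byte header + data
        _, _, incl_len, _ = struct.unpack(end + "IIII", pcap_bytes[off:off + 16])
        pkt = pcap_bytes[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        total += 1
        ip = _ipv4_offset(pkt, linktype)
        if ip is None or len(pkt) < ip + 24 or pkt[ip + 9] != 6:  # 6 = TCP
            continue
        ihl = (pkt[ip] & 0x0F) * 4                    # IPv4 header length
        sport, dport = struct.unpack("!HH", pkt[ip + ihl:ip + ihl + 4])
        if port in (sport, dport):
            smtp += 1
    return total, smtp


def _sll_tcp_packet(sport, dport):
    """Constructed test packet: Linux cooked header + IPv4 + bare TCP SYN."""
    sll = struct.pack("!HHH8sH", 0, 1, 6, b"\0" * 8, 0x0800)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x02, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return sll + ip + tcp


def build_sample_pcap(packets, linktype=LINKTYPE_LINUX_SLL):
    """Constructed little-endian pcap file wrapping the given packets."""
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    return hdr + b"".join(struct.pack("<IIII", 0, 0, len(p), len(p)) + p for p in packets)


# Constructed sample: two SMTP packets (client->server, server->client) and one HTTPS.
SAMPLE_CAPTURE = build_sample_pcap([_sll_tcp_packet(40000, 25),
                                    _sll_tcp_packet(25, 40000),
                                    _sll_tcp_packet(50000, 443)])

if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_CAPTURE
    print("packets: %d, SMTP (port 25): %d" % count_smtp_packets(data))
```

Run it as `python3 check_capture.py capture.cap` on the downloaded file; a result of zero SMTP packets usually means the filter or interface was wrong and the capture should be repeated.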