Finding messages from an IP range


Hi

Is it possible to use message-trace to find messages from a range of IP addresses without knowing either the sender or the precise IP address?

Running this query:

Get-MessageTrace -StartDate 2021-02-14 -EndDate 2021-02-24 | Select FromIP,SenderAddress,received,Status,MessageID,Subject | Where-Object {$_.FromIP -Like "184.*"} | ft

Returns 14 results, the same query with "SenderAddress" omitted from Select only returns 13! And neither query returns any results more than ~1 day old (I have verified that there should be other results).

Any ideas out there?

Thanks

Peter

3 Replies

You're effectively using client-side filtering, meaning that if you want proper results, you have to fetch all the messages for specific dates first. And for that, you'll need something more robust than a one-liner. There are ready-to-use scripts available online; look them up.

@Vasil Michev Hi. I have Googled my heart out looking for an answer to this question but have found nothing that relates to IP Ranges, only single IP addresses.

If you could be so kind as to point me in the direction of where to look up these scripts I'll take it from there.

Regards

Peter

Sorry, I was referring to the "get all messages" type of script. You will have to do the filtering on IP/ranges on the client side, after you've gathered all messages.
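
An added example, not part of the original thread, of the approach the replies describe: request every page of Get-MessageTrace results for the date window first, then filter FromIP on the client against a CIDR range. It assumes an already connected Exchange Online PowerShell session; Get-AllMessageTrace, ConvertTo-IPv4Number and Test-IPv4InCidr are hypothetical helper names, and 184.0.0.0/8 stands in for the "184.*" pattern from the question.

```powershell
# Added example. Assumes Connect-ExchangeOnline has already been run.
# The three function names below are hypothetical helpers, not Exchange cmdlets.

function Get-AllMessageTrace {
    param([datetime]$StartDate, [datetime]$EndDate, [int]$PageSize = 5000)
    # Get-MessageTrace returns one page per call, so keep requesting pages
    # until a short page signals the end (-Page accepts 1 to 1000).
    $page = 1
    do {
        $batch = @(Get-MessageTrace -StartDate $StartDate -EndDate $EndDate `
                                    -PageSize $PageSize -Page $page)
        $batch                      # emit this page to the pipeline
        $page++
    } while ($batch.Count -eq $PageSize -and $page -le 1000)
}

function ConvertTo-IPv4Number {
    param([string]$Address)
    $ip = $null
    # Reject empty values, malformed strings and IPv6 senders.
    if (-not [System.Net.IPAddress]::TryParse($Address, [ref]$ip)) { return $null }
    if ($ip.AddressFamily -ne [System.Net.Sockets.AddressFamily]::InterNetwork) { return $null }
    $n = [double]0
    foreach ($byte in $ip.GetAddressBytes()) { $n = $n * 256 + $byte }
    return $n
}

function Test-IPv4InCidr {
    param([string]$Address, [string]$Cidr)
    $network, $prefix = $Cidr -split '/'
    $addr = ConvertTo-IPv4Number $Address
    $net  = ConvertTo-IPv4Number $network
    if ($null -eq $addr -or $null -eq $net) { return $false }
    # Dividing by 2^(32 - prefix) and flooring drops the host bits,
    # so two addresses in the same network give the same quotient.
    $hostSpan = [math]::Pow(2, 32 - [int]$prefix)
    return [math]::Floor($addr / $hostSpan) -eq [math]::Floor($net / $hostSpan)
}

$range = '184.0.0.0/8'   # constructed range matching the "184.*" pattern
Get-AllMessageTrace -StartDate '2021-02-14' -EndDate '2021-02-24' |
    Where-Object { Test-IPv4InCidr -Address $_.FromIP -Cidr $range } |
    Sort-Object Received |
    Select-Object Received, FromIP, SenderAddress, Status, MessageId, Subject |
    Format-Table -AutoSize
```

Because the filter runs only after all pages are collected, the result no longer depends on which columns are selected or on how many messages the first page happened to hold.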