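How can I test where port 25 is being filtered? Mail server: RedHat AS4.0 + qmail
Test: nmap -P0 -sT -p 25 x.x.x.x
Scanning from the same network segment reports open; scanning from outside (China Mobile, China Unicom, China Telecom) reports filtered in every case.
How can I find out where it is being filtered?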

# tcpdump -v port 25
tcpdump: listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
# Result from the same network segment:
10:27:56.087641 IP (tos 0x0, ttl64, id 61832, offset 0, flags , proto 6, length: 60) 210.34.82.66.58376 > mail.domain.com.smtp: S 586226951:586226951(0) win 5840 <mss 1460,sackOK,timestamp 1828973711 0,nop,wscale 2>
10:27:56.118914 IP (tos 0x0, ttl64, id 0, offset 0, flags , proto 6, length: 60) mail.domain.com.smtp > 210.34.82.66.58376: S 448554597:448554597(0) ack 586226952 win 5792 <mss 1460,sackOK,timestamp 515142999 1828973711,nop,wscale 2>
10:27:56.087837 IP (tos 0x0, ttl64, id 61834, offset 0, flags , proto 6, length: 52) 210.34.82.66.58376 > mail.domain.com.smtp: . ack 1 win 1460 <nop,nop,timestamp 1828973711 515142999>
10:27:56.087852 IP (tos 0x0, ttl64, id 61836, offset 0, flags , proto 6, length: 52) 210.34.82.66.58376 > mail.domain.com.smtp: R 1:1(0) ack 1 win 1460 <nop,nop,timestamp 1828973712 515142999>

# Result from another network segment:
10:35:06.205193 IP (tos 0x0, ttl48, id 49029, offset 0, flags , proto 6, length: 60) 220.68.94.250.44691 > mail.domain.com.smtp: S 4034378393:4034378393(0) win 5840 <mss 1460,sackOK,timestamp 84083996 0,nop,wscale 0>
10:35:06.205242 IP (tos 0x0, ttl64, id 0, offset 0, flags , proto 6, length: 60) mail.domain.com.smtp > 220.68.94.250.44691: S 891716822:891716822(0) ack 4034378394 win 5792 <mss 1460,sackOK,timestamp 515573182 84083996,nop,wscale 2>
10:35:09.200397 IP (tos 0x0, ttl48, id 49030, offset 0, flags , proto 6, length: 60) 220.68.94.250.44691 > mail.domain.com.smtp: S 4034378393:4034378393(0) win 5840 <mss 1460,sackOK,timestamp 84084296 0,nop,wscale 0>
10:35:09.200417 IP (tos 0x0, ttl64, id 0, offset 0, flags , proto 6, length: 60) mail.domain.com.smtp > 220.68.94.250.44691: S 891716822:891716822(0) ack 4034378394 win 5792 <mss 1460,sackOK,timestamp 515576177 84083996,nop,wscale 2>
10:35:10.204904 IP (tos 0x0, ttl64, id 0, offset 0, flags , proto 6, length: 60) mail.domain.com.smtp > 220.68.94.250.44691: S 891716822:891716822(0) ack 4034378394 win 5792 <mss 1460,sackOK,timestamp 515577182 84083996,nop,wscale 2>
10:35:12.222785 IP (tos 0x0, ttl48, id 65325, offset 0, flags , proto 6, length: 60) 220.68.94.250.44692 > mail.domain.com.smtp: S 4040095835:4040095835(0) win 5840 <mss 1460,sackOK,timestamp 84084598 0,nop,wscale 0>
10:35:12.222808 IP (tos 0x0, ttl64, id 0, offset 0, flags , proto 6, length: 60) mail.domain.com.smtp > 220.68.94.250.44692: S 904399803:904399803(0) ack 4040095836 win 5792 <mss 1460,sackOK,timestamp 515579200 84084598,nop,wscale 2>
10:35:15.200455 IP (tos 0x0, ttl48, id 49031, offset 0, flags , proto 6, length: 60) 220.68.94.250.44691 > mail.domain.com.smtp: S 4034378393:4034378393(0) win 5840 <mss 1460,sackOK,timestamp 84084896 0,nop,wscale 0>
10:35:15.200472 IP (tos 0x0, ttl64, id 0, offset 0, flags , proto 6, length: 60) mail.domain.com.smtp > 220.68.94.250.44691: S 891716822:891716822(0) ack 4034378394 win 5792 <mss 1460,sackOK,timestamp 515582178 84083996,nop,wscale 2>
10:35:15.221069 IP (tos 0x0, ttl48, id 65326, offset 0, flags , proto 6, length: 60) 220.68.94.250.44692 > mail.domain.com.smtp: S 4040095835:4040095835(0) win 5840 <mss 1460,sackOK,timestamp 84084898 0,nop,wscale 0>
10:35:15.221076 IP (tos 0x0, ttl64, id 0, offset 0, flags , proto 6, length: 60) mail.domain.com.smtp > 220.68.94.250.44692: S 904399803:904399803(0) ack 4040095836 win 5792 <mss 1460,sackOK,timestamp 515582199 84084598,nop,wscale 2>
10:35:15.803811 IP (tos 0x0, ttl64, id 0, offset 0, flags , proto 6, length: 60) mail.domain.com.smtp > 220.68.94.250.44692: S 904399803:904399803(0) ack 4040095836 win 5792 <mss 1460,sackOK,timestamp 515582782 84084598,nop,wscale 2>
10:35:16.403698 IP (tos 0x0, ttl64, id 0, offset 0, flags , proto 6, length: 60) mail.domain.com.smtp > 220.68.94.250.44691: S 891716822:891716822(0) ack 4034378394 win 5792 <mss 1460,sackOK,timestamp 515583382 84083996,nop,wscale 2>
10:35:18.241725 IP (tos 0x0, ttl48, id 8290, offset 0, flags , proto 6, length: 60) 220.68.94.250.44693 > mail.domain.com.smtp: S 4041615794:4041615794(0) win 5840 <mss 1460,sackOK,timestamp 84085200 0,nop,wscale 0>
10:35:18.241749 IP (tos 0x0, ttl64, id 0, offset 0, flags , proto 6, length: 60) mail.domain.com.smtp > 220.68.94.250.44693: S 912033305:912033305(0) ack 4041615795 win 5792 <mss 1460,sackOK,timestamp 515585220 84085200,nop,wscale 2>
10:35:21.242762 IP (tos 0x0, ttl48, id 8291, offset 0, flags , proto 6, length: 60) 220.68.94.250.44693 > mail.domain.com.smtp: S 4041615794:4041615794(0) win 5840 <mss 1460,sackOK,timestamp 84085500 0,nop,wscale 0>
10:35:21.242783 IP (tos 0x0, ttl64, id 0, offset 0, flags , proto 6, length: 60) mail.domain.com.smtp > 220.68.94.250.44693: S 912033305:912033305(0) ack 4041615795 win 5792 <mss 1460,sackOK,timestamp 515588221 84085200,nop,wscale 2>
10:35:21.803642 IP (tos 0x0, ttl64, id 0, offset 0, flags , proto 6, length: 60) mail.domain.com.smtp > 220.68.94.250.44692: S 904399803:904399803(0) ack 4040095836 win 5792 <mss 1460,sackOK,timestamp 515588782 84084598,nop,wscale 2>
10:35:22.003598 IP (tos 0x0, ttl64, id 0, offset 0, flags , proto 6, length: 60) mail.domain.com.smtp > 220.68.94.250.44693: S 912033305:912033305(0) ack 4041615795 win 5792 <mss 1460,sackOK,timestamp 515588982 84085200,nop,wscale 2>
10:35:24.263664 IP (tos 0x0, ttl48, id 64264, offset 0, flags , proto 6, length: 60) 220.68.94.250.44694 > mail.domain.com.smtp: S 4049270562:4049270562(0) win 5840 <mss 1460,sackOK,timestamp 84085802 0,nop,wscale 0>

Reposted from: http://blog.sina.com.cn/s/blog_69fa227e01010xlc.html
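An added example, not part of the original post: a small Python parser for the old-style `tcpdump -v` text shown above that groups packets by client endpoint and reports whether each TCP handshake completed. It assumes the server side is printed with port `smtp` or `25`; the sample lines are modelled on the capture, with the IP header and TCP options simplified.

```python
import re
from collections import defaultdict

# Old-style `tcpdump -v` line: time, IP header in parentheses, "src > dst:", flags.
LINE = re.compile(
    r"^\S+ IP \(.*?\) (?P<src>\S+) > (?P<dst>\S+): (?P<flags>\S+)(?P<rest>.*)$"
)

def is_server(endpoint, ports=("smtp", "25")):
    """True when the port part of host.port is SMTP (assumed server side)."""
    return endpoint.rsplit(".", 1)[-1] in ports

def classify(capture_text):
    """Map each client endpoint to a verdict about its TCP handshake."""
    flows = defaultdict(lambda: {"syn": 0, "synack": 0, "followup": 0})
    for line in capture_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # comments, truncated or unrelated lines
        src, dst, flags = m["src"], m["dst"], m["flags"]
        has_ack = " ack " in m["rest"]
        if is_server(dst) and not is_server(src):          # client -> server
            if "S" in flags and not has_ack:
                flows[src]["syn"] += 1
            else:
                flows[src]["followup"] += 1  # ACK/RST/data: client got our reply
        elif is_server(src) and "S" in flags and has_ack:  # server -> client SYN-ACK
            flows[dst]["synack"] += 1
    verdicts = {}
    for client, c in flows.items():
        if c["followup"]:
            verdicts[client] = "handshake completed"
        elif c["synack"]:
            verdicts[client] = "SYN-ACK sent but never acknowledged"
        else:
            verdicts[client] = "SYN seen, no SYN-ACK sent"
    return verdicts

# Sample modelled on the capture above (header and TCP options simplified).
HDR = "IP (tos 0x0, ttl64, id 0, offset 0, flags , proto 6, length: 60)"
SAMPLE = f"""
10:27:56.087641 {HDR} 210.34.82.66.58376 > mail.domain.com.smtp: S 586226951:586226951(0) win 5840
10:27:56.118914 {HDR} mail.domain.com.smtp > 210.34.82.66.58376: S 448554597:448554597(0) ack 586226952 win 5792
10:27:56.087837 {HDR} 210.34.82.66.58376 > mail.domain.com.smtp: . ack 1 win 1460
10:35:06.205193 {HDR} 220.68.94.250.44691 > mail.domain.com.smtp: S 4034378393:4034378393(0) win 5840
10:35:06.205242 {HDR} mail.domain.com.smtp > 220.68.94.250.44691: S 891716822:891716822(0) ack 4034378394 win 5792
10:35:09.200397 {HDR} 220.68.94.250.44691 > mail.domain.com.smtp: S 4034378393:4034378393(0) win 5840
"""

if __name__ == "__main__":
    for client, verdict in classify(SAMPLE).items():
        print(client, "->", verdict)
```

A flow reported as `SYN-ACK sent but never acknowledged` means the SYN reached the server but nothing from the client followed the SYN-ACK, which points at the return path, so the next place to capture is the server's upstream gateway on the egress side.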