This is our old Q&A Site. Please post any new questions and answers at

Can someone explain me in detailed how can i setup wireshark to locate which ip address of our network is causing problem to port 25

asked 06 Aug '12, 02:02

kosman's gravatar image

accept rate: 0%

By "problem", you mean spam, right?

O.K. you need to capture the traffic "in front" of your internet access router. Please take a look at the Capture Setup to learn how to do that.

Then start capturing TCP connections on port 25. See Capture Filters to learn how to do that (Filter: port 25).

Wait some time (minutes, hours). Then analyze the captured data.

First look at the conversations:

Statistics -> Conversation List -> TCP

Sort the output for "Address A". The host with the most entries (IGNORE your internal mail server), is most likely the one that sends spam mails directly.

However: If the spam bot sends mail through your mail server, it will be more work to find the system that sent the mail. Please come back, think this is the case, and after you have done the fist step.


permanent link

answered 08 Aug '12, 03:52

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
accept rate: 15%

Hi I have the same problem than the guy in the first post. I have done all your advice and i have the TCP Conversation list, what I supposed to do next Thanks

(03 Sep '14, 09:42) rafacomu
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text]( "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:


question asked: 06 Aug '12, 02:02

question was seen: 16,040 times

last updated: 03 Sep '14, 14:01

p​o​w​e​r​e​d by O​S​Q​A