Can someone explain me in detailed how can i setup wireshark to locate which ip address of our network is causing problem to port 25
asked 06 Aug '12, 02:02
By "problem", you mean spam, right?
O.K. you need to capture the traffic "in front" of your internet access router. Please take a look at the Capture Setup to learn how to do that.
Then start capturing TCP connections on port 25. See Capture Filters to learn how to do that (Filter: port 25).
Wait some time (minutes, hours). Then analyze the captured data.
First look at the conversations:
Sort the output for "Address A". The host with the most entries (IGNORE your internal mail server), is most likely the one that sends spam mails directly.
However: If the spam bot sends mail through your mail server, it will be more work to find the system that sent the mail. Please come back, think this is the case, and after you have done the fist step.
answered 08 Aug '12, 03:52
Kurt Knochner ♦