This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Spam port 25

0

Can someone explain to me in detail how I can set up Wireshark to locate which IP address on our network is causing the problem on port 25?

asked 06 Aug '12, 02:02


kosman
1111
accept rate: 0%


One Answer:

0

By "problem", you mean spam, right?

O.K. you need to capture the traffic "in front" of your internet access router. Please take a look at the Capture Setup to learn how to do that.

Then start capturing TCP connections on port 25. See Capture Filters to learn how to do that (Filter: port 25).

Wait some time (minutes, hours). Then analyze the captured data.

First look at the conversations:

Statistics -> Conversation List -> TCP

Sort the output by "Address A". The host with the most entries (IGNORE your internal mail server) is most likely the one that sends spam mails directly.

However: If the spam bot sends mail through your mail server, it will be more work to find the system that sent the mail. Please come back if you think this is the case, and after you have done the first step.

Regards
Kurt

answered 08 Aug '12, 03:52


Kurt Knochner ♦
24.8k1039237
accept rate: 15%

Hi, I have the same problem as the guy in the first post. I have followed all your advice and I have the TCP Conversation list. What am I supposed to do next? Thanks

(03 Sep '14, 09:42) rafacomu
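
The conversation-counting step from the answer above, scripted as an added example (not part of the original thread): it ranks internal hosts by the number of outbound connections they open to port 25, skipping the mail server, and also counts distinct destinations, which goes slightly beyond the answer. The network range, the mail server address, the file name `smtp.pcap` and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumed values for illustration; replace with your own network details.
INTERNAL_NET = ipaddress.ip_network("192.168.1.0/24")
MAIL_SERVER = ipaddress.ip_address("192.168.1.10")

# Constructed sample of "source<TAB>destination" lines, one per new connection,
# in the form printed by:
#   tshark -r smtp.pcap -Y "tcp.dstport == 25 && tcp.flags.syn == 1 && tcp.flags.ack == 0" \
#          -T fields -e ip.src -e ip.dst
SAMPLE = (
    "192.168.1.10\t203.0.113.5\n" * 3      # the legitimate mail server
    + "192.168.1.23\t198.51.100.1\n"       # one client, many different mail hosts
    + "192.168.1.23\t198.51.100.2\n"
    + "192.168.1.23\t198.51.100.3\n"
    + "192.168.1.23\t198.51.100.4\n"
    + "192.168.1.23\t203.0.113.9\n"
    + "192.168.1.40\t203.0.113.5\n" * 2    # one client, a single mail host
    + "203.0.113.77\t192.168.1.10\n"       # inbound mail from outside
)

def rank_smtp_sources(lines, internal_net=INTERNAL_NET, mail_server=MAIL_SERVER):
    """Return [(source, connections, distinct_destinations)], busiest first."""
    conns = defaultdict(int)
    dests = defaultdict(set)
    for line in lines:
        parts = line.split()
        if len(parts) != 2:
            continue                        # blank line or missing field
        try:
            src, dst = (ipaddress.ip_address(p) for p in parts)
        except ValueError:
            continue                        # not an IP address pair
        if src == mail_server or src not in internal_net:
            continue                        # ignore the mail server and outside hosts
        conns[src] += 1
        dests[src].add(dst)
    ranked = sorted(conns, key=lambda s: (-conns[s], -len(dests[s]), int(s)))
    return [(str(s), conns[s], len(dests[s])) for s in ranked]

if __name__ == "__main__":
    for src, n, d in rank_smtp_sources(SAMPLE.splitlines()):
        print(f"{src:<15} connections={n:<4} distinct destinations={d}")
```

A client that is not a mail server yet opens many connections to many different destinations on port 25 is the one to inspect first.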