This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Our ISP informed us that there is a lot of spam coming from our IP address. I am trying to use Wireshark to figure out which PC it is. I did quite a bit of searching and the advice is to set the Capture Filter to port 25. So I deleted all the default filters and added a new one with filter name = Email(Port 25) and Filter String port 25. However, it still captures a lot of other traffic (NBNS, ARP, UDP, etc). Any idea how I can pinpoint the computer that sends out that spam?

asked 19 Oct '11, 14:16

hulu

Where did you add the filter? Just in the capture filter list, or did you also apply it in the capture options dialog? Sounds to me like you changed your capture filter list, but probably did not actually select it for the capture itself.

(19 Oct '11, 17:51) Jasper ♦♦
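
Once the port 25 capture filter is actually applied to the capture, the remaining step is to see which LAN host opens the SMTP connections. The following is an added example, not part of the original thread: it ranks hosts by outbound connection attempts from tshark field output. The function name, the LAN range, the mail server address and the sample records are assumptions made for illustration.

```python
# Added example: rank LAN hosts by outbound SMTP connection attempts.
# Input: tab-separated tshark output captured on the LAN side of the router, e.g.
#   tshark -i <interface> -f "tcp port 25" -T fields \
#     -e ip.src -e ip.dst -e tcp.dstport -e tcp.flags.syn -e tcp.flags.ack
import ipaddress
from collections import defaultdict

TRUE = {"1", "True"}  # tshark prints booleans as 1/0 or True/False by version

def rank_smtp_clients(lines, lan="192.168.1.0/24", mail_servers=()):
    """Return [(host, syn_count, distinct_destinations)], busiest first."""
    lan_net = ipaddress.ip_network(lan)   # assumed LAN range
    allowed = set(mail_servers)           # hosts expected to send mail
    syns = defaultdict(int)
    dests = defaultdict(set)
    for line in lines:
        fields = line.rstrip("\n").split("\t")
        if len(fields) != 5:
            continue
        src, dst, dport, syn, ack = fields
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        except ValueError:
            continue                      # non-IP or truncated record
        # Count only new outbound connections: SYN set, ACK clear, to port 25.
        if dport != "25" or syn not in TRUE or ack in TRUE:
            continue
        if src_ip not in lan_net or dst_ip in lan_net or src in allowed:
            continue
        syns[src] += 1
        dests[src].add(dst)
    return sorted(((h, n, len(dests[h])) for h, n in syns.items()),
                  key=lambda row: (-row[1], row[0]))

# Constructed sample records (documentation addresses), not real traffic.
SAMPLE = [
    "192.168.1.23\t198.51.100.10\t25\t1\t0",
    "198.51.100.10\t192.168.1.23\t49152\t1\t1",   # server reply, ignored
    "192.168.1.23\t203.0.113.5\t25\t1\t0",
    "192.168.1.23\t203.0.113.77\t25\t1\t0",
    "192.168.1.23\t198.51.100.10\t25\t0\t1",      # data segment, ignored
    "192.168.1.10\t198.51.100.10\t25\t1\t0",      # assumed legitimate mail server
    "192.168.1.42\t198.51.100.10\t25\t1\t0",
    "\t\t\t\t",                                   # record with no IP fields
]

if __name__ == "__main__":
    for host, count, spread in rank_smtp_clients(SAMPLE, mail_servers=("192.168.1.10",)):
        print(f"{host}\t{count} connection attempts\t{spread} distinct servers")
```

A workstation that contacts many distinct mail servers directly, rather than relaying through the site's own mail server, is the one to inspect first.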

question asked: 19 Oct '11, 14:16

question was seen: 3,699 times

last updated: 06 Aug '12, 01:43
