Our ISP informed us that there is a lot of spam coming from our IP address. I am trying to use WireShark to figure out which PC it is. I did quite a big of searching and the advice is to put set the Capture Filter to port 25. So I deleted all the default filters and added a new one with filter name = Email(Port 25) and Filter String port 25. However, it still captures a log of other traffic (NBNS, ARP, UDP, etc). Any idea how I can pinpoint the computer that sends out that spam? asked 19 Oct '11, 14:16  hulu |
This is a static archive of our old Q&A Site.
Please post any new questions and answers at ask.wireshark.org.
Where did you add the filter? Just in the capture filter list, or did you also apply it in the capture options dialog? Sounds to me like you changed your capture filter list, but probably did not actually select it for the capture itself.