Wireshark mailing list archives
Re: Tracking a PC with spam
From: Kurt Buff <kurt.buff () gmail com>
Date: Thu, 29 Sep 2016 13:50:04 -0700
Jason, You're likely using the wrong tool for this effort. Assuming the spam is heading outside of your org, I'd look at your firewall - and block port the relevant ports outbound for anything except your designated internal mail servers (these would be ports 25, 587 and the various IMAP/POP ports). Then look at the denies in your firewall logs. If somehow the spambot is using your internal email infrastructure to relay the spam, it's time to look at your server logs, and see which machine is doing the spamming. Kurt On Thu, Sep 29, 2016 at 10:31 AM, Jason Kepple <jkepple () spoonrivervalley us> wrote:
Hi, I'm new to wireshark. In our organization we have a users account that is sending out a lot of spam everyday. Can I use wireshark to find out which PC is sending these emails? I tried setting one of our Switches ports to Mirror mode so I could capture all the packets being sent from our PCs on that switch. Because we have multiple switches I thought this might narrow it down. However, I'm not sure what I'm looking for. What filter should I use to only see email packets? ___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: https://www.wireshark.org/lists/wireshark-users Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: https://www.wireshark.org/lists/wireshark-users Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- Tracking a PC with spam Jason Kepple (Sep 29)
- Re: Tracking a PC with spam Kurt Buff (Sep 29)
- Re: Tracking a PC with spam Jason Kepple (Sep 30)
- Re: Tracking a PC with spam Kurt Buff (Sep 29)