Wireshark mailing list archives
Re: Tracking a PC with spam
From: Jason Kepple <jkepple () spoonrivervalley us>
Date: Fri, 30 Sep 2016 09:23:03 -0500
Ok thanks for the tip

On Thu, Sep 29, 2016 at 3:50 PM, Kurt Buff <kurt.buff () gmail com> wrote:

> Jason,
>
> You're likely using the wrong tool for this effort.
>
> Assuming the spam is heading outside of your org, I'd look at your
> firewall - and block the relevant ports outbound for anything except
> your designated internal mail servers (these would be ports 25, 587 and
> the various IMAP/POP ports). Then look at the denies in your firewall
> logs.
>
> If somehow the spambot is using your internal email infrastructure to
> relay the spam, it's time to look at your server logs, and see which
> machine is doing the spamming.
>
> Kurt
>
> On Thu, Sep 29, 2016 at 10:31 AM, Jason Kepple <jkepple () spoonrivervalley us> wrote:
>
>> Hi,
>>
>> I'm new to Wireshark. In our organization we have a user's account that
>> is sending out a lot of spam every day. Can I use Wireshark to find out
>> which PC is sending these emails?
>>
>> I tried setting one of our switch ports to Mirror mode so I could
>> capture all the packets being sent from our PCs on that switch. Because
>> we have multiple switches I thought this might narrow it down. However,
>> I'm not sure what I'm looking for. What filter should I use to only see
>> email packets?
___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: https://www.wireshark.org/lists/wireshark-users Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
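The firewall-log review Kurt describes, as an added example that is not part of the original thread: it counts denied outbound connections to mail ports per internal source address. The iptables-style log format, the `FW-DENY-OUT` prefix, the mail server address and all sample lines are constructed assumptions; the IMAP/POP ports listed are the standard ones.

```python
import re
from collections import Counter

# Ports named in the thread (25, 587) plus the standard POP3/IMAP ports.
MAIL_PORTS = {25, 587, 110, 143, 993, 995}
# Assumption: the only internal host permitted to talk to mail ports outbound.
MAIL_SERVERS = {"10.0.0.25"}

# Constructed sample log (iptables LOG style); adapt LINE_RE to your firewall.
SAMPLE_LOG = """\
Sep 30 09:01:12 fw kernel: FW-DENY-OUT IN=eth1 OUT=eth0 SRC=10.0.3.47 DST=203.0.113.9 PROTO=TCP SPT=51122 DPT=25
Sep 30 09:01:13 fw kernel: FW-DENY-OUT IN=eth1 OUT=eth0 SRC=10.0.3.47 DST=198.51.100.20 PROTO=TCP SPT=51123 DPT=25
Sep 30 09:01:15 fw kernel: FW-DENY-OUT IN=eth1 OUT=eth0 SRC=10.0.3.47 DST=192.0.2.77 PROTO=TCP SPT=51130 DPT=587
Sep 30 09:02:40 fw kernel: FW-DENY-OUT IN=eth1 OUT=eth0 SRC=10.0.1.12 DST=203.0.113.9 PROTO=TCP SPT=40210 DPT=443
Sep 30 09:03:02 fw kernel: FW-ALLOW-OUT IN=eth1 OUT=eth0 SRC=10.0.0.25 DST=198.51.100.20 PROTO=TCP SPT=33001 DPT=25
Sep 30 09:05:44 fw kernel: FW-DENY-OUT IN=eth1 OUT=eth0 SRC=10.0.2.8 DST=198.51.100.20 PROTO=TCP SPT=49877 DPT=993
"""

LINE_RE = re.compile(
    r"FW-DENY-OUT .*?SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=TCP .*?DPT=(?P<dpt>\d+)"
)

def suspect_hosts(log_text, min_hits=1):
    """Return (source, denied_attempts, distinct_destinations), busiest first."""
    hits = Counter()
    dests = {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not an outbound deny
        src, dpt = m["src"], int(m["dpt"])
        if dpt not in MAIL_PORTS or src in MAIL_SERVERS:
            continue  # non-mail traffic, or a designated mail server
        hits[src] += 1
        dests.setdefault(src, set()).add(m["dst"])
    return [(s, n, len(dests[s])) for s, n in hits.most_common() if n >= min_hits]

if __name__ == "__main__":
    for src, attempts, targets in suspect_hosts(SAMPLE_LOG):
        print(f"{src}: {attempts} denied mail connections to {targets} hosts")
```

A workstation with many denies spread across many destination servers is the likely spam source; a single deny to one server is more often a mail client pointed at an external mailbox.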
Current thread:
- Tracking a PC with spam Jason Kepple (Sep 29)
- Re: Tracking a PC with spam Kurt Buff (Sep 29)
- Re: Tracking a PC with spam Jason Kepple (Sep 30)