Wireshark-users: [Wireshark-users] Tracking a PC with spam
From: Jason Kepple <jkepple@xxxxxxxxxxxxxxxxxxx>
Date: Thu, 29 Sep 2016 12:31:38 -0500
Hi, I'm new to Wireshark. In our organization we have a user's account that is sending out a lot of spam every day. Can I use Wireshark to find out which PC is sending these emails? I tried setting one of our switches' ports to mirror mode so I could capture all the packets being sent from our PCs on that switch. Because we have multiple switches, I thought this might narrow it down. However, I'm not sure what I'm looking for. What filter should I use to only see email packets?