Hello - I'm trying to find out if someone on our network is inadvertantly sending out spam email because of a virus or spyware. I have wireshark loaded on my pc and was hoping to be able to look at traffice on port 25 to see if there is a lot of email going out from a certain IP address. Is this possible? I have read briefly through their help but I'm not "getting it". We have a small cisco network and a Cisco ASA firewall.
besides the former comment you also has to check the interface is started in promiscuous mode... if not you will only see the traffic sent to/comming out of the sniffing station.
Sorry - what do you mean by "put a port on monitor mode?"