How can I configure Wireshark to only show port 25?

Posted on 2012-09-18
Last Modified: 2012-10-08
I want to sniff an interface for just port 25 traffic to see what is sending out spam in our org.

Question by:NAMEWITHELD12

    Assisted Solution

    In the capture filter field within capture, options, type:

    port 25

    Assisted Solution


    This was done on v1.8.1 so give this a try:

    Under capture, select Capture Filters, create a new filter from an existing one on the list, and change the filter name to SMTP and filter string to port 25

    Then back on the main interface in the Filter line type: tcp.port eq 25

    You'll still see broadcast traffic, but everything should be relevant to port 25.

    Accepted Solution

    Note - unless you put this in place as part of the flow (i.e. it has two network cards and the emails pass through it), you may need to connect it to a switch and make that port promiscuous, or you will not see any traffic.

    Author Comment

    tcp.port eq 25 worked!
