• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 449
  • Last Modified:

how can I configure wireshark for to only show port 25?

I want to sniff an interface for just port 25 traffic to see what is sending out spam in our org.


thanks
0
NAMEWITHELD12
Asked:
NAMEWITHELD12
3 Solutions
 
JFrederick29Commented:
In the capture filter field within capture, options, type:

port 25
0
 
bigeven2002Commented:
Hello,

This was done on v1.8.1 so give this a try:

Under capture, select Capture Filters, create a new filter from an existing one on the list, and change the filter name to SMTP and filter string to port 25

Then back on the main interface in the Filter line type: tcp.port eq 25

You'll still see broadcast traffic, but everything should be relevant to port 25.
0
 
edster9999Commented:
Note - unless you put this in place as part of the flow (ie it has two network cards and the emails pass through it) you may need to connect it to a switch and make that port promiscuous or you will not see any traffic
0
 
NAMEWITHELD12Author Commented:
tcp.port eq 25 worked !
0

Featured Post

The IT Degree for Career Advancement

Earn your B.S. in Network Operations and Security and become a network and IT security expert. This WGU degree program curriculum was designed with tech-savvy, self-motivated students in mind – allowing you to use your technical expertise, to address real-world business problems.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now