how can I configure wireshark for to only show port 25?

I want to sniff an interface for just port 25 traffic to see what is sending out spam in our org.

Who is Participating?
edster9999Connect With a Mentor Commented:
Note - unless you put this in place as part of the flow (ie it has two network cards and the emails pass through it) you may need to connect it to a switch and make that port promiscuous or you will not see any traffic
JFrederick29Connect With a Mentor Commented:
In the capture filter field within capture, options, type:

port 25
bigeven2002Connect With a Mentor Commented:

This was done on v1.8.1 so give this a try:

Under capture, select Capture Filters, create a new filter from an existing one on the list, and change the filter name to SMTP and filter string to port 25

Then back on the main interface in the Filter line type: tcp.port eq 25

You'll still see broadcast traffic, but everything should be relevant to port 25.
NAMEWITHELD12Author Commented:
tcp.port eq 25 worked !
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.