Rogue Computer on my network; how do i find it with Wireshark?


#1

My users started getting bounce-back emails today and I found we were suddenly blacklisted. I am told the reason for this is that one of the machines on my network is sending out spam, a spam bot. How do I find out which computer on my network is doing this? I have run Wireshark all day, but in looking at the results I am not sure what I am looking for. Can someone help me? Or is there an easier way to find this out? Thank you in advance.


#2

Hi,

It’s probably easiest to flag all outgoing connections to remote port 25 in your firewall. The machine which makes the most is most likely the culprit.
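The same idea applied to a Wireshark capture rather than firewall logs, as an added example that is not part of this thread: export source, destination and destination port per packet and count, for each internal host, how many different remote mail servers it tries to reach. The row format is assumed to match `tshark -T fields -e ip.src -e ip.dst -e tcp.dstport`; the sample rows, the `192.168.` internal prefix and the `192.168.1.5` mail-server address are constructed for the example.

```python
from collections import defaultdict

# Constructed sample rows in the tab-separated shape that
# "tshark -r capture.pcap -T fields -e ip.src -e ip.dst -e tcp.dstport" emits
# (adding -Y "tcp.flags.syn==1 && tcp.flags.ack==0" would keep only connection
# attempts instead of every packet). External addresses are documentation ranges.
SAMPLE_ROWS = """\
192.168.1.10\t198.51.100.5\t25
192.168.1.10\t198.51.100.9\t25
192.168.1.10\t203.0.113.8\t25
192.168.1.10\t203.0.113.17\t25
192.168.1.10\t192.0.2.44\t25
192.168.1.22\t192.168.1.5\t25
192.168.1.22\t192.168.1.5\t25
192.168.1.30\t192.168.1.5\t25
192.168.1.30\t203.0.113.8\t443
192.168.1.30\t203.0.113.9\t80
"""

SMTP_PORTS = {25, 465, 587}  # plain SMTP plus the submission ports


def parse_rows(text):
    """Yield (src, dst, dport) tuples, skipping malformed or non-TCP rows."""
    for line in text.splitlines():
        parts = line.split("\t")
        if len(parts) != 3 or not parts[2].isdigit():
            continue
        yield parts[0], parts[1], int(parts[2])


def smtp_fanout(rows, internal_prefix="192.168.", mail_server=None, ports=SMTP_PORTS):
    """Per internal source: number of SMTP attempts and set of distinct remote
    destinations. Traffic to the organisation's own mail server (or any internal
    host) is excluded: normal clients talk to that server, a spam bot talks
    directly to many remote MX hosts."""
    stats = defaultdict(lambda: {"attempts": 0, "hosts": set()})
    for src, dst, dport in rows:
        if dport not in ports or not src.startswith(internal_prefix):
            continue
        if dst == mail_server or dst.startswith(internal_prefix):
            continue
        stats[src]["attempts"] += 1
        stats[src]["hosts"].add(dst)
    return stats


def rank_suspects(stats, min_hosts=3):
    """Return (src, attempts, distinct_hosts), most distinct remote hosts first,
    keeping only sources that reached at least min_hosts different servers."""
    ranked = sorted(((s, v["attempts"], len(v["hosts"])) for s, v in stats.items()),
                    key=lambda t: (t[2], t[1]), reverse=True)
    return [t for t in ranked if t[2] >= min_hosts]


if __name__ == "__main__":
    fanout = smtp_fanout(parse_rows(SAMPLE_ROWS), mail_server="192.168.1.5")
    for src, attempts, hosts in rank_suspects(fanout):
        print(f"{src}: {attempts} SMTP attempts to {hosts} distinct remote hosts")
```

Ranking by distinct destinations rather than raw packet count avoids flagging a busy but legitimate host that only ever talks to your own mail server.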