Rogue computer on my network; how do I find it with Wireshark?


My users started getting bounce-back emails today, and I found we were suddenly blacklisted. I am told the reason for this is that one of the machines on my network is sending out spam (a spam bot). How do I find out which computer on my network is doing this? I have run Wireshark all day, but looking at the results I am not sure what I am looking for. Can someone help me? Or is there an easier way to find this out? Thank you in advance.



It’s probably easiest to flag all outgoing connections to remote port 25 in your firewall. The machine which makes the most is most likely the culprit.
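The counting step the answer describes, as an added example that is not code from the thread or from the answerer. It assumes the firewall logs outbound TCP SYNs in netfilter `LOG` format (for example from `iptables -A FORWARD -p tcp --dport 25 --syn -j LOG --log-prefix "SMTP-OUT: "`), a LAN prefix of 192.168.1.0/24 and a legitimate mail server at 192.168.1.10; both addresses and the log lines are constructed for illustration and are not from the original post.

```python
"""Rank LAN hosts by outbound connection attempts to remote TCP port 25.

Added example, not code from the original thread. Assumes iptables LOG
format lines, a LAN prefix and a mail server address (all hypothetical).
"""
import ipaddress
import re
from collections import defaultdict

# Hypothetical network layout (assumptions, not from the original post).
LAN = ipaddress.ip_network("192.168.1.0/24")
MAIL_SERVER = ipaddress.ip_address("192.168.1.10")  # only host that should relay

# Fields we need from an iptables LOG line.
FIELD_RE = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")

# Constructed sample log (not real traffic); the fields mimic netfilter LOG output.
_PREFIX = "Mar  3 10:15:01 fw kernel: SMTP-OUT: IN=eth1 OUT=eth0 "
_TAIL = " LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=1 DF PROTO=TCP SPT=49152 DPT={dpt} WINDOW=29200 RES=0x00 {flags} URGP=0"

def _mk(src, dst, dpt=25, flags="SYN"):
    return _PREFIX + f"SRC={src} DST={dst}" + _TAIL.format(dpt=dpt, flags=flags)

SAMPLE_LOG = [
    _mk("192.168.1.10", "203.0.113.5"),            # mail server: expected, ignored
    _mk("192.168.1.23", "198.51.100.7"),           # suspect host hitting many MXs
    _mk("192.168.1.23", "198.51.100.8"),
    _mk("192.168.1.23", "203.0.113.9"),
    _mk("192.168.1.23", "198.51.100.7"),
    _mk("192.168.1.42", "192.168.1.10"),           # workstation -> internal relay, fine
    _mk("192.168.1.42", "203.0.113.5", dpt=443),   # not SMTP, ignored
    _mk("192.168.1.55", "203.0.113.20"),           # one stray connection
    "Mar  3 10:15:02 fw kernel: unrelated message",  # noise, ignored
]

def parse_line(line):
    """Return (src, dst, dpt) for a pure TCP SYN log line, else None."""
    fields = dict(FIELD_RE.findall(line))
    tokens = line.split()
    # A pure SYN carries the SYN flag token without ACK; SYN-ACK replies have both.
    if fields.get("PROTO") != "TCP" or "SYN" not in tokens or "ACK" in tokens:
        return None
    try:
        return (ipaddress.ip_address(fields["SRC"]),
                ipaddress.ip_address(fields["DST"]),
                int(fields["DPT"]))
    except (KeyError, ValueError):
        return None

def rank_smtp_talkers(lines, lan=LAN, mail_server=MAIL_SERVER):
    """Count outbound SYNs to remote port 25 per LAN source.

    Skips the legitimate mail server and any destination inside the LAN
    (workstations handing mail to the internal relay are expected).
    Returns [(src, syn_count, distinct_destinations), ...], busiest first.
    """
    syns = defaultdict(int)
    dests = defaultdict(set)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        src, dst, dpt = parsed
        if dpt != 25 or src not in lan or dst in lan or src == mail_server:
            continue
        syns[src] += 1
        dests[src].add(dst)
    return sorted(((str(s), syns[s], len(dests[s])) for s in syns),
                  key=lambda t: (-t[1], t[0]))

if __name__ == "__main__":
    for src, count, uniq in rank_smtp_talkers(SAMPLE_LOG):
        print(f"{src:<16} syn={count:<4} distinct_mx={uniq}")
```

Run it over the real log instead of `SAMPLE_LOG` (`rank_smtp_talkers(open("/var/log/kern.log"))`). The host at the top of the list that is not your mail server is the one to pull off the network. The same ranking can be produced in Wireshark with the display filter `tcp.flags.syn == 1 && tcp.flags.ack == 0 && tcp.dstport == 25`, then Statistics > Endpoints with "Limit to display filter" ticked; note that a capture on a workstation only sees that workstation's traffic on a switched LAN, so capture at the gateway or on a mirror (SPAN) port to see every host.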