Wireshark-users: Re: [Wireshark-users] need to track email

From: Abhik Sarkar <sarkar.abhik@xxxxxxxxx>
Date: Thu, 21 Jan 2010 08:58:36 +0400
You might want to capture traffic at a point where traffic from all the systems reaches the internet instead of capturing at each system (http://wiki.wireshark.org/CaptureSetup).

Then use Wireshark or one of the many available tools (http://wiki.wireshark.org/Tools) to investigate.

I think ntop (http://www.ntop.org/overview.html) might be of use (though I have never used it myself).

Finally, this link (http://www.cacetech.com/media/network_mysteries/slow_network/) from the Wireshark documentation page might also give you some ideas.

Good luck!

On Thu, Jan 21, 2010 at 1:37 AM, Info <info@xxxxxxxxxxx> wrote:

I have a machine in my organization that is sending spam. Short of going to 300 plus machines can wire shark be configured to track smtp and pop? If so some instructions on configuring wire shark to do this would be VERY appreciated.


___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe