Hello. I have a problem with a PC/PCs on my LAN. One PC is sending spam on port 25, but I don't know which one. My network looks like this, for example: ROUTER (with WAN IP xxx.xxx.xxx.xxx and LAN IP 192.168.1.1) and many PCs connected to the router. I want to install Wireshark on a PC in the network (192.168.1.2) to monitor the router and find which PC on the LAN is sending spam to the internet. How can I do that with Wireshark?
asked 29 Apr '12, 06:47
Unless you can make your router mirror or span the traffic from other ports onto the port to which your Wireshark machine is connected then you will probably not be able to see the traffic as your router is most likely to be a switch and Wireshark will not be able to capture traffic from the other ports.
If you post some more info about your router (make and model) and your WAN type (DSL, Cable, Fibre) we may give you more help.
See the Capture Setup page on the Wiki for more info about capturing.
answered 29 Apr '12, 10:11
As your router does not support port mirroring, there are two "cheap" options.
1.) Buy a cheap switch that is able to do port mirroring (e.g. HP ProCurve Switch 1810G-8, 8-Port, managed) and plug it between your router and the LAN switch of your network. Then connect a sniffer to the mirrored port and filter on 'port 25'.
2.) Add a second network interface to your sniffer PC / laptop and create a bridge between the two interfaces. Then connect the router to one interface and the LAN switch to the other interface. Start sniffing on either of the interfaces. DON'T switch off the PC/laptop, as this will interrupt your internet connection. When you're done with sniffing, re-connect the router to the internal switch.
Create a Bridge with Windows 7
Create a Bridge with Linux
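
Once the sniffer sees the traffic between the router and the LAN switch (mirrored port or bridge, as described above), the capture still has to be reduced to one answer per host. The script below is an added example, not part of the original answers: it ranks LAN hosts by outbound connection attempts to port 25, assuming the question's 192.168.1.0/24 LAN and a two-column tshark export; the file name `capture.pcapng` and all sample addresses are constructed.

```python
import ipaddress
import sys
from collections import defaultdict

LAN = ipaddress.ip_network("192.168.1.0/24")  # assumed from the question's router IP

# Constructed sample of what this export produces (one "src<TAB>dst" per SYN):
#   tshark -r capture.pcapng \
#     -Y "tcp.dstport == 25 && tcp.flags.syn == 1 && tcp.flags.ack == 0" \
#     -T fields -e ip.src -e ip.dst
SAMPLE = """\
192.168.1.23\t203.0.113.10
192.168.1.23\t203.0.113.44
192.168.1.10\t198.51.100.25
192.168.1.23\t192.0.2.7
192.168.1.23\t192.0.2.99
192.168.1.10\t198.51.100.25
192.168.1.23\t203.0.113.10
192.168.1.23\t198.51.100.80
192.168.1.2\t192.168.1.1
not-an-ip\t203.0.113.1
"""

def rank_smtp_sources(lines):
    """Return [(lan_host, syn_count, distinct_servers)], most distinct servers first."""
    syns = defaultdict(int)
    servers = defaultdict(set)
    for line in lines:
        parts = line.split()
        if len(parts) != 2:
            continue  # blank line or non-IPv4 packet with empty fields
        try:
            src, dst = (ipaddress.ip_address(p) for p in parts)
        except ValueError:
            continue  # malformed export line
        if src not in LAN or dst in LAN:
            continue  # only LAN -> internet connection attempts matter here
        syns[src] += 1
        servers[src].add(dst)
    ranked = sorted(syns, key=lambda h: (-len(servers[h]), -syns[h], int(h)))
    return [(str(h), syns[h], len(servers[h])) for h in ranked]

if __name__ == "__main__":
    # Pass the tshark export as a file argument, or run without one for the sample.
    source = open(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE.splitlines()
    for host, count, distinct in rank_smtp_sources(source):
        print(f"{host}: {count} SMTP connection attempts to {distinct} distinct servers")
```

A workstation that only talks to its own mail provider shows one or two distinct servers; a host contacting many different mail servers directly is the one to inspect first.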