I am looking for a computer sending email, I have an IP of the source, I am trying to locate the machine. It is internal on our domain, we are using NAT. The emails are getting blocked, I am just trying to the computer, any ideas. All the posts I read, is to use wireshark. I have version 1.6.7
asked 15 Jun '12, 07:56
if you have the IP address of the machine, you don't necessarily need wireshark. There are several options:
If it's a windows machine:
If it's not a windows machine, or nbtstat did not help:
If whatever machine is doing the NAT keeps a record of the internal-IP+port-to-external-IP+port mappings it has in effect at particular times, and you know what time the spam was sent, you could try using that.
answered 15 Jun '12, 10:40
Guy Harris ♦♦