Finding a device sending spam emails

asked 2019-04-15 09:14:39 +0000

Accolon

There is a device in our home network periodically sending spam emails. Our internet provider blocked our internet access due to this reason. I scanned all devices with different malware scanners but couldn't find the responsible device. The provider cannot tell us which one it is. All I know is the date and time the emails are sent. Is there a possibility to track the traffic and, given we know date and time, find out which device was active at that specific time?

2 Answers

answered 2019-04-15 11:39:12 +0000

Ross Jacobs

updated 2019-04-15 11:51:29 +0000

Take a capture with Wireshark and then filter with tcp.port == 25. That should show you any SMTP traffic.

Edit: @grahamb is correct here. I should have specified that you would need to take this capture on the upstream device, whichever that is. Without some networking/IT background, this will be difficult for you to accomplish.

If you are not versed in networking / IT, you may want to talk to a friend or hire a consultant, as getting your internet access back will likely require hands-on expertise.



This would only work if they can capture on EVERY device, or capture on the typical home router\modem\access point, which generally isn't an option.

grahamb ( 2019-04-15 11:46:56 +0000 )
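An added example (not part of the original answers or of Wireshark): a Python script that applies the same port 25 filter offline to a capture taken on the upstream device, restricted to the time window the provider reported, and groups new connection attempts by source MAC and IP. It assumes the capture was saved in classic pcap format (not pcapng) with Ethernet framing and IPv4; `smtp_senders`, `build_sample`, `T0` and every address and timestamp are constructed for illustration.

```python
import struct
from collections import Counter

T0 = 1555300000  # constructed epoch time standing in for the reported send time

def smtp_senders(pcap, t_start, t_end, ports=(25,)):
    """Count TCP SYNs to SMTP ports per (source MAC, source IP) within [t_start, t_end]."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if end is None or struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("need a classic (microsecond) pcap with Ethernet link type")
    hits, off = Counter(), 24
    while off + 16 <= len(pcap):
        sec, usec, caplen, _ = struct.unpack(end + "IIII", pcap[off:off + 16])
        frame = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if not (t_start <= sec + usec / 1e6 <= t_end) or len(frame) < 54:
            continue
        if frame[12:14] != b"\x08\x00" or frame[23] != 6:  # IPv4 carrying TCP only
            continue
        tcp = frame[14 + (frame[14] & 0x0F) * 4:]  # skip IP header, honouring options
        if len(tcp) < 14:
            continue
        dport, flags = struct.unpack("!H", tcp[2:4])[0], tcp[13]
        if dport in ports and (flags & 0x12) == 0x02:  # SYN without ACK: new connection
            hits[(frame[6:12].hex(":"), ".".join(map(str, frame[26:30])))] += 1
    return hits

def build_sample():
    """Constructed capture: three SYN frames from two made-up LAN hosts."""
    def frame(mac, ip, dport, flags):
        eth = bytes(6) + bytes.fromhex(mac) + b"\x08\x00"
        iph = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                          bytes(ip), bytes([203, 0, 113, 5]))
        tcph = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 0x50, flags, 1024, 0, 0)
        return eth + iph + tcph
    recs = [(T0 + 10, frame("02aabbcc0001", [192, 168, 1, 20], 25, 0x02)),
            (T0 + 20, frame("02aabbcc0002", [192, 168, 1, 30], 443, 0x02)),
            (T0 + 5000, frame("02aabbcc0002", [192, 168, 1, 30], 25, 0x02))]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for sec, f in recs:
        out += struct.pack("<IIII", sec, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    for (mac, ip), n in smtp_senders(build_sample(), T0, T0 + 60).items():
        print(f"{mac}  {ip}  {n} SMTP connection attempt(s)")
```

The source MAC only identifies the sending device when the capture is taken on the LAN side of the router; on the WAN side every frame carries the router's own address.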

answered 2019-04-15 11:45:45 +0000

grahamb

In a typical home environment this is not that easy to accomplish as you'll have a single combined router\modem\access point that you are unable to capture on. You could try to capture on each device as suggested in the answer from @Ross Jacobs, but that won't work for mobile devices.

If you are able, installing alternative firmware such as OpenWrt on the router\modem will allow you to capture on the router\modem, but that's not a trivial operation.


Thank you very much for the answers. Just the moment I read the first one, ESET found a trojan accessing Outlook. So I hope I got rid of the problem now.

Accolon ( 2019-04-15 14:33:54 +0000 )


Asked: 2019-04-15 09:14:39 +0000

Seen: 41 times

Last updated: Apr 15