Menu
Reply
Highlighted
  • 60
  • 0
  • 2
Tuning in
553 Views
Message 21 of 94
Flag for a moderator

Re: Anyone Used WireShark?

I meant to say laptop not pc, yes it wireless 🙂

I have searched on wireshark just the wifi section which I thought would have checked the whole WIFI of the house.. 

0 Kudos
Reply
Highlighted
  • 60
  • 0
  • 2
Tuning in
532 Views
Message 22 of 94
Flag for a moderator

Re: Anyone Used WireShark?

After stopping wireshark and rerunning it, and then doing the telenet part to see it was actually running, and then restarting wireshark it now shows 20 packets..

Now what??

0 Kudos
Reply
Highlighted
  • 18.6K
  • 1.09K
  • 8K
Very Insightful Person
Very Insightful Person
531 Views
Message 23 of 94
Flag for a moderator

Re: Anyone Used WireShark?

Even on the wifi front the hub acts as a mediator between all your devices.  Just like a wired switch.  So when you look at traffic on the network adapter you see traffic between your PC and the hub, even though some of the traffic might come from a device on your network - it still comes via the hub.

Your assumption was reasonable, sadly it was wrong.

The second part of the test essentially turns your laptop into a second hub - which can connect up to 8 devices at a time.

The PC will give out IP addresses in it's wifi hotspot range and devices will connect to your PC's wifi hotspot and then connections bound for the net will be channelled via your normal internet connection.

I'm a Very Insightful Person, I'm here to share knowledge, I don't work for Virgin Media. Learn more

Have I helped? Click Mark as Helpful Answer or use Kudos to say thanks

0 Kudos
Reply
Highlighted
  • 60
  • 0
  • 2
Tuning in
527 Views
Message 24 of 94
Flag for a moderator

Re: Anyone Used WireShark?

Sorry I am all new to this.. I have run wireshark and it's now showing 42 packets...  However I am clueless to what I am looking it.. How do I know which packet has got the spambot on it?  Or it is all 42 packets??

I have only got windows defender firewall running on my system... So if I have got spambots on my system how do I remove them?

0 Kudos
Reply
Highlighted
  • 18.6K
  • 1.09K
  • 8K
Very Insightful Person
Very Insightful Person
489 Views
Message 25 of 94
Flag for a moderator

Re: Anyone Used WireShark?

Before I answer I'm going to suggest.

1.  Make sure you've shut down telnet following the test and THEN restarted the wireshark capture.  At least one trace I saw seemed to suggest that they still had Telnet open.

2.  Post up a screen grab of the top section, so I can see the IP addresses  shown.  They tell me a lot.  Use the Windows snip tool (have a ply with it)

3.  Make sure none of your mail clients is using out of date email settings..

Be aware that the packets don't contain spambots. The packets show the spambots sending mail to a mail exchanger.  The telnet test is used to make sure the packet capture is set up correctly, In normal use (unless you're using an email provider who still uses outdated settings), you shouldn't see any mail sent using this port.

The fact that you've de-listed your address and it's been added again to the CSS tells us that something on your network is definitely either sending spam or acting as a conduit for spam.    It won't be the hub as the firmware can't be modified by anyone other than Virgin Media.

Tim

 

I'm a Very Insightful Person, I'm here to share knowledge, I don't work for Virgin Media. Learn more

Have I helped? Click Mark as Helpful Answer or use Kudos to say thanks

Highlighted
  • 60
  • 0
  • 2
Tuning in
470 Views
Message 26 of 94
Flag for a moderator

Re: Anyone Used WireShark?

Sorry my bad Tim, didn't realise about leaving Telenet part open..  Right this is what I have done and hopefully I have got it right this time... 

I have loaded up wireshark. select the WIFI put in tcp port 25 and enter..  Then I opened up command prompt and ran the telenet bit, then it showed packets appearing (so I know wireshark is working).  Then I stopped wireshark and closed command prompt completely, and restarted the search again in wire shark..  Now No packets are found

 

Two things I am curious about as well.. 1) I only use the laptop for my email which is through outlook 2007.  I do have other stuff that uses the WIFI such as two mobile phones, smart tv, xbox, etc. But only laptop is where I am trying to send emails from and having the smtp problem.  So doesn't that mean the problem is the laptop and no other device?

2) I have also got a VPN setup my laptop and when I turned it on earlier today I was able to send emails through outlook 2007

0 Kudos
Reply
Highlighted
  • 14.9K
  • 2.06K
  • 6.45K
Very Insightful Person
Very Insightful Person
467 Views
Message 27 of 94
Flag for a moderator

Re: Anyone Used WireShark?

Thanks, useful additional info.  The spambots will not be using an email client on your laptop.  You mention a VPN, can you tell us which one?

The spambot could be resident on any device using your hubs WiFi, phone, smart TV,  Xbox.  Hence the reason for identifying the suspect device via the internal IP address when checking wireshark as previously advised.

________________________________
Graham

I'm a Very Insightful Person, I'm here to share knowledge, I don't work for Virgin Media, I'm a VM customer. There are no guarantees that my advice will work. Learn more

Have I helped? Click Mark as Helpful Answer or use Kudos to say thanks

0 Kudos
Reply
Highlighted
  • 60
  • 0
  • 2
Tuning in
457 Views
Message 28 of 94
Flag for a moderator

Re: Anyone Used WireShark?

Well I have just test my phone using the hotspot and wire shark and no packets.. I have now got 1 smart tv, SKY HD Box, and a Samsung phone to test..   But I will be surprised if it's on any of them

0 Kudos
Reply
Highlighted
  • 60
  • 0
  • 2
Tuning in
455 Views
Message 29 of 94
Flag for a moderator

Re: Anyone Used WireShark?

i have just tested my smart tv, sky hd box and my iPhone via hotspot setup and wire shark and no packets at all

0 Kudos
Reply
Highlighted
  • 14.9K
  • 2.06K
  • 6.45K
Very Insightful Person
Very Insightful Person
447 Views
Message 30 of 94
Flag for a moderator

Re: Anyone Used WireShark?

Ok, so progress made possibly.

You still haven't said which VPN you have been using.  The free version of Hola has already been found to be a conduit for spambots.

________________________________
Graham

I'm a Very Insightful Person, I'm here to share knowledge, I don't work for Virgin Media, I'm a VM customer. There are no guarantees that my advice will work. Learn more

Have I helped? Click Mark as Helpful Answer or use Kudos to say thanks

0 Kudos
Reply