Very Insightful Person
Message 51 of 94

Re: SMTP Failing


@byronwells wrote:

I was running just my iPhone via hotspot... Do I need to restart Wireshark each time a new wireless device is connected to hotspot??


No - but you do need to make sure that you are monitoring the virtual interface for the hotspot.  Details of how to find this are in my post.  When I first tried, I monitored the Wi-Fi interface only; while I would have expected the packets to be visible, this was not the case.  Once I set it to the hotspot interface, I was able to detect the telnet test from one of the wireless devices (my iPad).

So long as you know what device is given which IP address, you can connect up to 8 devices to the hotspot simultaneously.

I'm a Very Insightful Person, I'm here to share knowledge, I don't work for Virgin Media. Learn more

Have I helped? Click Mark as Helpful Answer or use Kudos to say thanks

Tuning in
Message 52 of 94

Re: SMTP Failing

Good news, I have finally found the blasted culprit.. Well I hope so.. One Android TV Box that I have not used for ages, turned on and connected to the Wi-Fi and disconnected a month ago.. Now tried it today using the hotspot method and tcp port 25 in Wireshark and a load of packets are appearing.. I have tested it with my two phones before that and nothing came up so this must be the culprit.

 

"46 1563.078825 192.168.137.172 74.125.206.188 TCP 103 [TCP Retransmission] 50559 → 5228 [PSH, ACK] Seq=715 Ack=327 Win=15872 Len=37 TSval=276372 TSecr=3525145143"

How do I remove the spam bot from the TV box?  Also what would have happened if I had already got rid of the box, which I was going to.... How would I have found and removed it from the network??

Tuning in
Message 53 of 94

Re: SMTP Failing

Well I have just reset the Android TV box and restarted Wireshark with only that connected to the hotspot; now no packets are showing....  They came up straight away last time 🙂

Very Insightful Person
Message 54 of 94

Re: SMTP Failing

That wasn't the culprit anyway.  You evidently didn't set up the capture filter properly.

"46 1563.078825 192.168.137.172 74.125.206.188 TCP 103 [TCP Retransmission] 50559 → 5228 [PSH, ACK] Seq=715 Ack=327 Win=15872 Len=37 TSval=276372 TSecr=3525145143"

The bit in red is the port numbers.

So the connection is going from:

192.168.137.172 port 50559 -> 75.125.208.188 port 5228

The traffic we are looking for has port 25.

So for spambot traffic you would see 50559 (this number will vary) → 25, or if the traffic was return traffic you would see 25->50559 (again this number would vary).

Tim

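The port check described in message 54, as an added example that is not part of any post in the thread: it reads Wireshark packet-list summary lines, pulls out the source and destination ports, and counts port-25 packets per local device. The first sample line is the one quoted in the thread; the other two are constructed, and the function names are this example's own.

```python
import re
from collections import Counter

SMTP_PORT = 25
# Packet-list columns: No., Time, Source, Destination, Protocol, Length, Info
_ROW = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d+)\s+(.*)$")
# Port pair in the Info column; Wireshark prints "→", retyped text may use "->"
_PORTS = re.compile(r"(\d{1,5})\s*(?:→|->)\s*(\d{1,5})")

def parse_row(line):
    """Return src/dst/ports for one TCP summary line, else None."""
    m = _ROW.match(line.strip().strip('"'))
    if not m or m.group(5) != "TCP":
        return None
    ports = _PORTS.search(m.group(7))
    if not ports:
        return None
    return {"src": m.group(3), "dst": m.group(4),
            "sport": int(ports.group(1)), "dport": int(ports.group(2))}

def classify(row):
    """outbound = device to mail server, return = mail server back to device."""
    if row["dport"] == SMTP_PORT:
        return "outbound"
    if row["sport"] == SMTP_PORT:
        return "return"
    return "not-smtp"

def smtp_talkers(lines):
    """Count port-25 packets per local device (the end that is not on port 25)."""
    hits = Counter()
    for row in filter(None, map(parse_row, lines)):
        kind = classify(row)
        if kind != "not-smtp":
            hits[row["src"] if kind == "outbound" else row["dst"]] += 1
    return hits

SAMPLE = [
    # Line quoted in the thread: ports 50559 and 5228, so not SMTP.
    '"46 1563.078825 192.168.137.172 74.125.206.188 TCP 103 [TCP Retransmission] 50559 → 5228 [PSH, ACK] Seq=715 Ack=327 Win=15872 Len=37 TSval=276372 TSecr=3525145143"',
    # Constructed lines; addresses and ports are made up for illustration.
    "51 1570.100000 192.168.137.50 203.0.113.25 TCP 74 49812 → 25 [SYN] Seq=0 Win=65535 Len=0",
    "52 1570.140000 203.0.113.25 192.168.137.50 TCP 74 25 -> 49812 [SYN, ACK] Seq=0 Ack=1 Win=29200 Len=0",
]

if __name__ == "__main__":
    for line in SAMPLE:
        row = parse_row(line)
        print(row["src"], row["sport"], "->", row["dst"], row["dport"], classify(row))
    print(dict(smtp_talkers(SAMPLE)))
```
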
Tuning in
Message 55 of 94

Re: SMTP Failing

I have no idea what I have set up wrong.. Because I followed the instructions and set up the hotspot as was explained in your other posts.. So what did I do wrong??  That way now I don't know if it's anything else and that's why it hasn't been showing.. This is really doing my head in

Very Insightful Person
Message 56 of 94

Re: SMTP Failing

Just as when you set up the first capture, you have to remember:

1. Single click the relevant interface.
2. THEN put in the capture filter tcp port 25.  If you put in the capture filter first, when you click the interface, the capture filter will be lost.

You are getting there though as the local IP address does show that you were definitely capturing packets from the hotspot interface.  Just not limiting them to the right packets.

Tim

Tuning in
Message 57 of 94

Re: SMTP Failing

Here are the things that I have that use the Wi-Fi in my house:

  1. Laptop
  2. iPhone
  3. Samsung Galaxy
  4. LG Smart TV
  5. Samsung Blu-ray Smart Surround System
  6. Sky HD+ Box
  7. Epson Printer
  8. iPad
  9. Virgin Super Hub
  10. Android TV Box
  11. Xbox One

From a previous post someone has said it can't be the Android TV Box due to that not being connected for months.  I hardly use the Epson Printer at all, and I have not turned on the Xbox One or even the iPad for months so it cannot be those items because they are not communicating with the Wi-Fi when they are off, and I am getting blacklisted on that spam (website) in a few days or even hours...

Even though I did run the Android TV box and it did find some packets on it...

The other items I do use on a daily basis and have searched Wireshark on them and no packets appear

 

Tuning in
Message 58 of 94

Re: SMTP Failing

I am just wondering in regards to the Spamhaus website where it tells you if you are blacklisted or not.. If I got my IP removed at 8:35, but then 5 hours later I am back on it, does it mean that one of those devices that were being used/on during that period is the culprit??

How do I make sure I am removing the correct IP address, when I search the Internet it gives me a different IP address to one that My Security software gives for the super hub...

Tuning in
Message 59 of 94

Re: SMTP Failing

I have just had another thought.. I have always used the laptop and two phones constantly for years and never had this problem, and this problem only really happened about a month ago.. I only really started using the smart TV function about a month ago, watching YouTube and Amazon Prime through it.  So could it be the TV?

Very Insightful Person
Message 60 of 94

Re: SMTP Failing


@byronwells wrote:

I am just wondering in regards to the Spamhaus website where it tells you if you are blacklisted or not.. If I got my IP removed at 8:35, but then 5 hours later I am back on it, does it mean that one of those devices that were being used/on during that period is the culprit??

How do I make sure I am removing the correct IP address, when I search the Internet it gives me a different IP address to one that My Security software gives for the super hub...


Congratulations - now you are starting to use your head.  While my posts can give some of the knowledge to help people, you do need to do a bit of thinking for yourself about how to identify things.  Remember in the current configuration we can only test the laptop and wireless devices.  We can't test wired devices.

So what you need to do is stop and have a think about precisely what devices were connected at that time?  Wired and wireless.

With regards to the hub's IP address, the hub has two of them (and if you think that's bad wait till IPv6 kicks in ROFL).

IPv4 routers have two address ranges of note:

Internal address.  This is the address used by devices on the LAN to talk to the hub.  This is usually in the 192.168.x.x range.
External address.  This is the address that systems outside your network see your traffic as coming from.

The external address is what you see when you go to whatismyipaddress.com.  This is the address that is used by Spamhaus and other blacklist providers.

Tim
