vj531
Message 1 of 36

finding mail Bots (wireshark)

Searching for spambots?

Hi

I followed the Wireshark tutorial and somehow managed to get it scanning Port 25.

Sadly I haven't got a clue what I'm looking at scan wise? 

all the best

Stephen

How does one attach log file here?

 

Very Insightful Person
Message 2 of 36

Re: finding mail Bots (wireshark)

How do I insert an image in a post?

You can insert an image from your device (this uploads the image before inserting it), from your uploaded images (if the image has already been approved), or from another online location.

 

To insert an image in a post:

 

  • Start a new post.
  • Click the Insert image button in the editor's tool bar (it looks like a camera).
  • Choose one of the sources listed below...

 

To insert an image located on your Device:

 

  • Click the Upload tab.
  • Drag and drop an image from your computer.
  • Type a caption for the image if you want to add some extra info.
  • Choose an image size.

    Note: Full Size inserts the image at the full size of the original file. Small, Medium, and Large insert the image at the sizes defined by the community.
    We don't stretch images, so very small images won't get any bigger regardless of the image size you choose.

  • Choose the format of your image and how you'd like to position it within the post.
  • Click Done.

 

To insert an image you've already uploaded:

 

  • Click the Saved photos tab.
  • Click the image.
  • Choose an image size.
  • Choose the format of your image and how you'd like to position it within the post.
  • Click Done.

 

To insert an image from the web:

 

  • Click the URL tab.
  • Paste the web address (URL) of your image.
  • Choose an image size.
  • Choose how you want the image aligned and positioned.
  • Click Done.


As a Very Insightful Person, I'm here to share my knowledge. I don't work for Virgin Media.

vj531
Message 3 of 36

Re: finding mail Bots (wireshark)

So you cannot upload a "FILE"?

this log file is far too big to send a .jpg 

Very Insightful Person
Message 4 of 36

Re: finding mail Bots (wireshark)

If after following the Searching for Spambots on your network instructions results were returned by the:

  • first run then the spambot is on the device on which Wireshark was run.
  • second run then the spambot is on whichever device was assigned the IP address shown in the Source column beginning with 192.168.

    FYI: the Mobile Hotspot UI will show IP address allocation information along with the device's Physical address (MAC) which can help with identifying the devices.

BTW, you can select the paper clip to attach a file, as highlighted in the following image; however, I would caution against doing this for Wireshark as any mistake in setting up the capture will likely reveal personal information.

2019-11-11.jpeg

 

Very Insightful Person
Message 5 of 36

Re: finding mail Bots (wireshark)

@vj531 

If you've set the filter right - you shouldn't see any packets at all unless they are using port 25. Here's a picture of some I captured on my laptop after installing Hola.

holawireshark.PNG

Note: I'm not on a VM connection at this point in time.

If you look at the top section you see the following reading from left to right.

  • Packet number
  • Timestamp
  • Source IP address
  • Destination IP address
  • Protocol (in this case either TCP or SMTP)
  • Length of packet
  • Source and destination ports
  • Packet info.

All you need to do at this point is look for the local IP address 192.168.x.x

This is why I start my check on the PC itself with nothing attached to the PC.  After this I connect my wireless devices to the PC's wireless hotspot and check for traffic on the hotspot interface.  Again looking at the 192.168.x.x address.

Note: with the hotspot enabled the PC becomes a NAT router for up to 8 wireless devices - so the devices will be on a different subnet to your home network.

Tim

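The column reading described in the post above, as an added example (not part of the original thread or of the tutorial it refers to): a Python script that takes packet-list rows saved from Wireshark as plain text and reports which 192.168.x.x hosts are the client side of port-25 traffic. The sample rows, their addresses and the `smtp_clients` name are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample rows: No. Time Source Destination Protocol Length Info
SAMPLE = """\
1 0.000000 192.168.0.2 203.0.113.25 TCP 66 56130 → 25 [SYN] Seq=0 Win=64240 Len=0
2 0.021311 203.0.113.25 192.168.0.2 TCP 66 25 → 56130 [SYN, ACK] Seq=0 Ack=1 Win=14600 Len=0
3 0.021402 192.168.0.2 203.0.113.25 TCP 54 56130 → 25 [ACK] Seq=1 Ack=1 Win=64240 Len=0
4 0.050113 203.0.113.25 192.168.0.2 SMTP 95 S: 220 mail.example.net ESMTP
5 0.050900 192.168.0.2 203.0.113.25 SMTP 72 C: EHLO desktop
6 4.100000 192.168.137.14 198.51.100.7 TCP 66 49200 → 25 [SYN] Seq=0 Win=65535 Len=0
7 4.900000 192.168.137.14 198.51.100.7 TCP 66 [TCP Retransmission] 49200 → 25 [SYN] Seq=0 Win=65535 Len=0
"""

LOCAL_NET = ipaddress.ip_network("192.168.0.0/16")  # the 192.168.x.x range from the post
ROW = re.compile(r"^\s*(\d+)\s+([\d.]+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d+)\s+(.*)$")
PORTS = re.compile(r"(\d+)\s*(?:→|->)\s*(\d+)")  # "src port → dst port" in the Info column

def smtp_clients(text):
    """Return {local client IP: {"packets", "syns", "servers"}} for port-25 rows."""
    hosts = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # column header or wrapped line
        _no, _time, src, dst, proto, _length, info = m.groups()
        ports = PORTS.search(info)
        if ports and ports.group(2) == "25":        # packet going to a mail server
            client, server = src, dst
        elif ports and ports.group(1) == "25":      # reply coming back from one
            client, server = dst, src
        elif proto == "SMTP" and info.startswith("C:"):
            client, server = src, dst
        elif proto == "SMTP" and info.startswith("S:"):
            client, server = dst, src
        else:
            continue
        try:
            local = ipaddress.ip_address(client) in LOCAL_NET
        except ValueError:
            continue  # Source/Destination column held a resolved name, not an IP
        if not local:
            continue
        entry = hosts.setdefault(client, {"packets": 0, "syns": 0, "servers": set()})
        entry["packets"] += 1
        entry["servers"].add(server)
        if client == src and "[SYN]" in info:       # a new outbound connection attempt
            entry["syns"] += 1
    return hosts
```

Replies from the mail server (source port 25) are credited to the local host that receives them, so a row where the 192.168.x.x address sits in the Destination column still points at the right device.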
vj531
Message 6 of 36

Re: finding mail Bots (wireshark)

Thanks for your help

My system is wired Asus router, Virgin router in modem, Win10 desktop, NAS, 2x cameras, Fire TV 4K, 2x Sky boxes

Wireless 3x iPads and 3x Alexas and 1x iPhone

Not sure on setting up ‘PC’ hot spot?

Stephen

vj531
Message 7 of 36

Re: finding mail Bots (wireshark)

Ta for that!
But I can’t find that paper clip?
Sololobo
Message 8 of 36

Re: finding mail Bots (wireshark)


@vj531 wrote:

Thanks for your help

My system is wired Asus router, Virgin router in modem, Win10 desktop, NAS, 2x cameras, Fire TV 4K, 2x Sky boxes

Wireless 3x iPads and 3x Alexas and 1x iPhone

Not sure on setting up ‘PC’ hot spot?

Stephen


 

See Stage 3 - turn on Wifi Hotspot and identify hotspot interface from here: https://community.virginmedia.com/t5/Security-matters/Searching-for-Spambots-on-your-network/td-p/40...

 




It's What I Do.
I Drink and I
Remember Things.
Very Insightful Person
Message 9 of 36

Re: finding mail Bots (wireshark)

@vj531 

Before we go on to that part - the important thing to ask is this.

  1. Do you see any packets in the Wireshark trace - yes or no?
  2. Does it say Capturing TCP Port 25 in the Wireshark title bar - yes or no?

If the answer to both questions is yes then you've found the device sending spam traffic and you don't need to worry about the hotspot section at this point.

Tim

vj531
Message 10 of 36

Re: finding mail Bots (wireshark)

I'm trying to send a screenshot to show you from yesterday! 😡

EDIT: apparently it contained personal info and was not allowed. The source was my PC and Destination was 62.254.26.220, see below

 5 30.042637 62.254.26.220 192.168.0.2 TCP 60 [TCP Dup ACK 1#2] 25 → 56130 [ACK] Seq=1 Ack=1 Win=14600 Len=0

The answer YESTERDAY was Yes & Yes

But I can't get this to work now?

I did sign into Spamhaus and take me off their list or whatever it's called.

I'm confused

s.
