Tracking a PC with spam

[Jason Kepple <jkepple () spoonrivervalley us>]

Hi, I'm new to wireshark. In our organization we have a users account that
is sending out a lot of spam everyday. Can I use wireshark to find out
which PC is sending these emails? I tried setting one of our Switches ports
to Mirror mode so I could capture all the packets being sent from our PCs
on that switch. Because we have multiple switches I thought this might
narrow it down. However, I'm not sure what I'm looking for. What filter
should I use to only see email packets?

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe