Wireshark · Wireshark-users: [Wireshark-users] Tracking a PC with spam

[Jason Kepple <jkepple@xxxxxxxxxxxxxxxxxxx>]

Hi, I'm new to wireshark. In our organization we have a users account that is sending out a lot of spam everyday. Can I use wireshark to find out which PC is sending these emails? I tried setting one of our Switches ports to Mirror mode so I could capture all the packets being sent from our PCs on that switch. Because we have multiple switches I thought this might narrow it down. However, I'm not sure what I'm looking for. What filter should I use to only see email packets?