I would recommend that you use a utility such as TCPView (http://technet.microsoft.com/en-us/sysinternals/bb897437.aspx) to see what a specific application is doing.
It would be neat to see Wireshark extended to be able to capture traffic on a process and all sub-processes that are spawned – I would recommend that you enter that as a feature request.
Regards,
Frank
From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Richard Sargent
Sent: Saturday, January 12, 2008 1:11 PM
To: wireshark-users@xxxxxxxxxxxxx
Subject: [Wireshark-users] Capturing traffic resulting from running a new program
Most Windows machines seem to be very busy in terms of the amount of network traffic. Is it possible to set up a filter that basically says "ignore everything that is currently showing up"? It would make it so much easier to see what a new program is sending and receiving if you could focus on just its traffic.

I realize that such a filter would potentially lose some of the program's traffic when it was indistinguishable from that of another program. DNS lookup comes to mind, although even then, the new program is likely looking up different addresses from the already running programs.

While I suspect the answer is no, as it seems like a relatively tough problem, I appreciate any suggestions or answers.

Richard Sargent
rsargent@xxxxxxxxx
http://www.pendragonfarm.com/
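One practical way to get close to the "ignore everything currently showing up" filter Richard asks for, combining it with Frank's suggestion of looking at the live socket table first: take a listing of the connections that exist before the new program is started and turn each one into a Wireshark display-filter clause that hides it. The script below is an added example, not code from the Wireshark project or from either poster. It assumes a Windows `netstat -n` style listing (the sample text is constructed, using documentation address ranges), and it uses only standard Wireshark display-filter fields (`ip.addr`, `tcp.port`, `udp.port`, `dns.qry.name`). DNS is handled the way the post describes: a lookup cannot be tied to a socket, so only names the baseline programs are already known to resolve are hidden.

```python
"""Build a Wireshark display filter that hides the conversations a host was
already carrying on before a new program was started.  Added example, not
part of the Wireshark project; the netstat listing below is constructed."""

import re
from typing import List, Optional, Tuple

# Constructed sample in the layout of Windows "netstat -n" output, taken before
# starting the program under study.  Addresses are RFC 5737 documentation ranges.
BASELINE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    192.168.1.5:49152      192.0.2.10:443         ESTABLISHED
  TCP    192.168.1.5:49153      198.51.100.7:80        ESTABLISHED
  UDP    192.168.1.5:137        *:*
  TCP    192.168.1.5:49154      203.0.113.9:5222       ESTABLISHED
"""

# proto, local ip, local port, foreign ip, foreign port, optional state column
_LINE_RE = re.compile(
    r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+):(\S+)(?:\s+\S+)?\s*$", re.IGNORECASE
)

# (proto, local_port, remote_ip, remote_port); None marks a wildcard peer
Conversation = Tuple[str, int, Optional[str], Optional[int]]


def parse_netstat(text: str) -> List[Conversation]:
    """Extract baseline conversations from netstat -n lines.
    Listening/unconnected sockets show '*:*' and get None for the peer."""
    convs: List[Conversation] = []
    for line in text.splitlines():
        m = _LINE_RE.match(line)
        if not m:
            continue  # title, header and blank lines
        proto, _local_ip, lport, rip, rport = m.groups()
        remote_ip = None if rip == "*" else rip
        remote_port = None if rport == "*" else int(rport)
        convs.append((proto.lower(), int(lport), remote_ip, remote_port))
    return convs


def clause_for(conv: Conversation) -> str:
    """One display-filter term matching a single baseline conversation.
    tcp.port/udp.port match either direction, so the term covers both ways."""
    proto, lport, rip, rport = conv
    if rip is None or rport is None:
        # no concrete peer: hide everything on that local port
        return f"({proto}.port == {lport})"
    return f"(ip.addr == {rip} && {proto}.port == {lport} && {proto}.port == {rport})"


def baseline_exclusion_filter(convs: List[Conversation],
                              known_dns_names: Optional[List[str]] = None) -> str:
    """Negate the union of all baseline clauses.  DNS queries are only hidden
    by name, since a lookup cannot be attributed to a particular socket."""
    parts = list(dict.fromkeys(clause_for(c) for c in convs))  # de-duplicated
    parts += [f'(dns.qry.name == "{name}")' for name in (known_dns_names or [])]
    if not parts:
        return ""  # nothing to hide; an empty filter shows all packets
    return "!(" + " || ".join(parts) + ")"


if __name__ == "__main__":
    baseline = parse_netstat(BASELINE_NETSTAT)
    # names the baseline programs were already resolving (constructed)
    print(baseline_exclusion_filter(baseline, ["update.example.net"]))
```

Paste the printed string into the Wireshark display-filter bar after starting the new program; anything it opens uses a fresh ephemeral port and so falls outside every hidden clause. The caveat the original post raises still applies: if the new program happens to reuse a local port that was in the baseline, or resolves one of the excluded names, that traffic is hidden too, so re-run the baseline immediately before launching the program to keep the listing short and current.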