I would just run the capture without a filter to collect all the data. Then you can apply a display filter when you view it to narrow it down to things like:
- just packets sent from your IP address
- all HTTP packets sent from your IP address
That should give you most of what’s going on. I would shut down all applications on the machine that aren’t needed prior to doing your capture to cut down on application traffic that you are already aware of, unless you want to see that too.
john
From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Jack D. Slater
Sent: Wednesday, June 11, 2008 10:54 PM
To: 'Community support list for Wireshark'
Subject: Re: [Wireshark-users] Newb question please
do I do this by running the capture?
any specific filter I should use to narrow the scope?
From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Sheahan, John
Sent: Wednesday, June 11, 2008 8:37 PM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] Newb question please
You can see exactly what URLs your machine is going to and the IP addresses and ports that other applications are accessing, but I don’t know of any way to tie a destination URL, for instance, to the spyware program that is telling it to go there (as an example).
From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Jack D. Slater
Sent: Wednesday, June 11, 2008 8:34 PM
To: wireshark-users@xxxxxxxxxxxxx
Subject: [Wireshark-users] Newb question please
Thanks in advance for helping.
Can I use Wireshark to tell me what traffic, from what program, is outbound over my network and/or PC to the Internet?
If so, what's the best way?
Thanks again!