Wireshark – How to Determine Which Program Sent a Packet

networking, wireshark

I was taking some tutorials on Wireshark in order to analyze the packets sent and received when talking to a web server for purposes of learning.

When I start listening/recording packets in Wireshark, there were so many packets being recorded (700 packets per minute). Is it normal to have that much traffic if I have all the programs that will cause traffic, such as all browsers, LogMeIn, Dropbox, GoToMeeting, etc., closed?

In order to try to solve the problem I am analyzing random packets. Take for instance this filter:


I just selected a random IP: 74.125.130.99.

So how can I know from what program those packets were created? Also, how can I get more info about that communication between my computer (192.168.0.139) and that server (74.125.130.99)?

I just selected a random IP from the Wireshark capture. There are also other IPs that I have no idea why they are communicating with my computer. How can I figure that out?

Best Answer

The process id doesn't make it onto the stream that Wireshark is reading.
Netmon is better suited for this task on Windows.
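Since the PID never appears in the captured frames, the usual workaround is to correlate the remote address Wireshark shows with the host's own socket table, which does know the owning process (`ss -tunp` on Linux, `netstat -ano` or `Get-NetTCPConnection` on Windows, `lsof -i` on macOS). The script below is an added example, not part of the answer above: it parses `ss -tunp` output and lists the processes that hold a socket to a given peer IP. The socket table embedded in it is a constructed sample using the IPs from the question, and `live_owners_for_peer` is a hypothetical helper that only works on a Linux host with `ss` installed.

```python
"""Correlate a remote IP seen in Wireshark with the local process that owns the socket.

Added example: parses `ss -tunp` (Linux) output. The sample output below is
constructed for illustration and is not real captured data.
"""
import re
import shutil
import subprocess
from typing import Dict, List, Optional

# Constructed sample of `ss -tunp` output; the peer IPs mirror the question.
SAMPLE_SS_OUTPUT = """\
Netid State  Recv-Q Send-Q Local Address:Port   Peer Address:Port  Process
tcp   ESTAB  0      0      192.168.0.139:49152  74.125.130.99:443  users:(("chrome",pid=4321,fd=87))
tcp   ESTAB  0      0      192.168.0.139:49160  74.125.130.99:443  users:(("chrome",pid=4321,fd=91))
udp   ESTAB  0      0      192.168.0.139:51000  10.0.0.2:53        users:(("systemd-resolve",pid=412,fd=12))
tcp   ESTAB  0      0      192.168.0.139:49170  162.125.1.8:443    users:(("dropbox",pid=5555,fd=30))
tcp   LISTEN 0      128    0.0.0.0:22           0.0.0.0:*          users:(("sshd",pid=900,fd=3))
"""

# Matches each ("name",pid=N,...) entry in the Process column.
PROCESS_RE = re.compile(r'\("(?P<name>[^"]+)",pid=(?P<pid>\d+)')


def parse_ss(output: str) -> List[Dict[str, object]]:
    """Turn `ss -tunp` text into one dict per socket line (header and junk skipped)."""
    rows = []
    for line in output.splitlines():
        parts = line.split()
        if len(parts) < 6 or parts[0] not in ("tcp", "udp"):
            continue
        proto, state, local, peer = parts[0], parts[1], parts[4], parts[5]
        # rpartition keeps IPv6 peers such as [::1]:443 intact.
        peer_ip, _, peer_port = peer.rpartition(":")
        owners = [(m.group("name"), int(m.group("pid"))) for m in PROCESS_RE.finditer(line)]
        rows.append({"proto": proto, "state": state, "local": local,
                     "peer_ip": peer_ip, "peer_port": peer_port, "owners": owners})
    return rows


def owners_for_peer(output: str, remote_ip: str) -> List[str]:
    """Return unique 'name(pid)' labels for every socket whose peer is remote_ip."""
    found: List[str] = []
    for row in parse_ss(output):
        if row["peer_ip"] != remote_ip:
            continue
        for name, pid in row["owners"]:
            label = f"{name}({pid})"
            if label not in found:
                found.append(label)
    return found


def live_owners_for_peer(remote_ip: str) -> Optional[List[str]]:
    """Hypothetical helper: query the real socket table on a Linux host.

    Returns None when `ss` is not available. Run as root to see PIDs of
    sockets owned by other users; a short-lived connection may already be
    gone by the time you look, which is why Wireshark alone cannot answer this.
    """
    if shutil.which("ss") is None:
        return None
    result = subprocess.run(["ss", "-tunp"], capture_output=True, text=True, check=False)
    return owners_for_peer(result.stdout, remote_ip)


if __name__ == "__main__":
    # Using the constructed sample: which process talks to the IP from the question?
    print(owners_for_peer(SAMPLE_SS_OUTPUT, "74.125.130.99"))  # ['chrome(4321)']
    print(live_owners_for_peer("74.125.130.99"))
```

The sample table shows the other part of the answer to the question: many "unknown" peers in a capture belong to background processes (DNS resolver, sync clients, browsers with tabs closed but the process still running), which only the local socket table or a process-aware capture tool can reveal.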
