Hello! I'm new to wireshark, but I am very thankful for the program. I knew someone was monitoring my PC, but after dozens of anti-viruses came up empty, I turned to wireshark. I quickly recognized an odd IP address sending/receiving data from my computer. Turns out the IP belonged to webwatcher, a hidden remote monitoring service. Is there anyway to decode the information contained beyond the IP address. I tried "decode" tool but was pretty lost. Any help would be greatly appreciated! asked 07 Feb '13, 13:52  pbenn |
One Answer:
The Webwatcher payload data being transferred over IP (presumably using TCP over IP) will be formatted however the application has been designed to format the payload data. Wireshark does not have a dissector for webwatcher so there's no further decoding of the payload data that the present Wireshark can do; It can only show the raw data. Obviously you can assume that the data includes (in some manner) some or all the stuff mentioned in the webwatcher product description. answered 07 Feb '13, 15:08  Bill Meier ♦♦ |
I appreciate you answering. Thanks.