This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Is there any way I can capture all packets from my Ethernet network adapter from the point where my desktop is first displayed? The reason being my PC hangs upon Windows startup, for a good minute or more... I have noticed using procmon.exe that although it seems nothing is happening, procmon.exe reports svchost.exe is looking at almost every file on my computer. Then after a while, this 'hang' status disappears and my startup items, as listed in msconfig, then start up. Therefore, putting Wireshark into my startup programs will not serve the purpose because I want to see what traffic is taking place during this apparent 'hang' at startup. I have run a full virus scan with Kaspersky PURE and no threats appear. Any suggestions most welcome and thank you in advance.

asked 19 Sep '10, 15:49

Stezzer4298

edited 26 Sep '10, 01:53

SYN-bit ♦♦

Wireshark, just like any other packet capturing software, can only be started after the PC has been started up. You need to use a second PC to capture the packets of the PC whose network traffic of the boot-process you want to capture. You can either use a (real) hub to duplicate the packets, a switch with mirror capabilities, a network tap or create a machine-in-the-middle machine.

These options are explained on the Wireshark wiki:

answered 20 Sep '10, 00:23

SYN-bit ♦♦

Thank you SynBit for your explanation with reference link, I really appreciate your help and will give this a try.

(24 Sep '10, 09:56) Stezzer4298

If you are someone with rights to install a service, I'd suggest using the AutoExNT utility as supplied from the resource kits, and running dumpcap from the associated BAT file. This link provides instructions for an out-of-date OS, but they work on XP and Windows 7.

http://support.microsoft.com/kb/243486

answered 20 Jul '12, 13:27

kcullimo
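
A sketch of the kind of BAT file the answer above refers to, added here as an example and not posted by the answerer or taken from the Microsoft article. The install path, output folder, interface index and capture-driver service name are assumptions to adjust for the machine being diagnosed.

```batch
@echo off
rem Added example: boot-time capture script meant to be run by a startup
rem service such as AutoExNT, before any user logs on.
rem Assumptions (not from the original post): default Wireshark install
rem path, output folder C:\captures, capture interface index 1.
setlocal

set "DUMPCAP=C:\Program Files\Wireshark\dumpcap.exe"
set "OUTDIR=C:\captures"
rem Interface index as printed by "dumpcap -D"; run that once interactively.
set "IFACE=1"
rem Stop after 10 minutes so a forgotten script cannot capture forever.
set "DURATION=600"

if not exist "%DUMPCAP%" exit /b 1
if not exist "%OUTDIR%" mkdir "%OUTDIR%"

rem dumpcap needs the capture driver loaded. "npf" is the WinPcap driver
rem service; Npcap installs use "npcap" instead. The call is harmless if
rem the service is already running or does not exist.
net start npf >nul 2>&1

rem -q           no packet counter output (there is no console at boot)
rem -a duration  stop the capture after DURATION seconds
rem -b filesize  start a new file every 51200 kB (50 MB)
rem -b files     keep at most 10 files, overwriting the oldest (ring buffer)
rem -w           base name; dumpcap appends a sequence number and timestamp
"%DUMPCAP%" -i %IFACE% -q -a duration:%DURATION% ^
    -b filesize:51200 -b files:10 ^
    -w "%OUTDIR%\boot.pcapng" 2>> "%OUTDIR%\dumpcap.log"

endlocal
```

The ring buffer bounds disk use at roughly 500 MB, and errors such as a wrong interface index end up in dumpcap.log, which is the first place to look if no capture files appear after a reboot.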
