Hi, I'm getting unwanted packets from a particular PC which are getting denied on the firewall due to policy, so we used a packet capture on that PC to see which application or resource on the PC is trying to generate the packets. We found the destination IP, which is a Microsoft IP. But we still don't know which application is trying to generate that traffic from that PC. Is there a way to identify which application on the PC is trying to generate the traffic?

asked 09 Oct '13, 09:00 by Diwa
2 Answers:
Maybe this blog post can help a little: http://blog.packet-foo.com/2013/04/the-packet-analysts-self-check/

answered 09 Oct '13, 13:05 by Jasper ♦♦

Comment: Thanks for the answer, let me follow your steps. Thanks once again. --Diwa (10 Oct '13, 10:18)
Yes, use Microsoft Network Monitor and capture with it while the PC generates the traffic. Netmon will also list the process that created the traffic. Regards

answered 09 Oct '13, 13:29 by Kurt Knochner ♦, edited 09 Oct '13, 13:30

Comment: Thanks for the answer, let me follow your steps. Thanks once again. --Diwa (10 Oct '13, 10:18)
This isn't really a Wireshark question... and there are probably lots of different ways people would do this. If it were me and I had access to the source PC, I'd try to get "netstat -b" output when you see one of these connections. Then you can map the connection to a process and work backwards from there.
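A scripted form of the "netstat -b" approach above, added here as an example and not taken from the thread: it polls the PC's TCP connection table for the denied destination address and maps each hit to its owning process. It assumes a Windows build with the Get-NetTCPConnection cmdlet (Windows 8 / Server 2012 or newer), an elevated prompt so process paths are readable, and a placeholder destination IP that you replace with the one seen in the capture.

```powershell
# Placeholder: replace with the destination IP the firewall is denying.
$RemoteIp = '203.0.113.10'

# Return one record per live TCP connection to $RemoteAddress, joined to the
# owning process (the same mapping "netstat -b" prints, but as objects).
function Get-ProcessForRemoteIp {
    param([Parameter(Mandatory)][string]$RemoteAddress)

    # Get-NetTCPConnection errors when nothing matches; treat that as "no rows".
    Get-NetTCPConnection -RemoteAddress $RemoteAddress -ErrorAction SilentlyContinue |
        ForEach-Object {
            # The process may already have exited by the time we look it up.
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Time          = Get-Date -Format 'HH:mm:ss'
                LocalPort     = $_.LocalPort
                RemoteAddress = $_.RemoteAddress
                RemotePort    = $_.RemotePort
                State         = $_.State
                PID           = $_.OwningProcess
                ProcessName   = if ($proc) { $proc.ProcessName } else { '<exited>' }
                Path          = if ($proc) { $proc.Path } else { $null }
            }
        }
}

# Short-lived connections are easy to miss with a single netstat run, so poll
# for a while and print each new (PID, remote port) pair only once.
$deadline = (Get-Date).AddMinutes(5)
$seen = @{}
while ((Get-Date) -lt $deadline) {
    Get-ProcessForRemoteIp -RemoteAddress $RemoteIp | ForEach-Object {
        $key = "$($_.PID):$($_.RemotePort)"
        if (-not $seen.ContainsKey($key)) {
            $seen[$key] = $true
            $_ | Format-Table -AutoSize
        }
    }
    Start-Sleep -Milliseconds 500
}
```

UDP traffic will not show up here, since Get-NetUDPEndpoint has no remote-address column; for that case the Netmon capture suggested above, or a packet capture compared against the process list, is the better tool.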