Yep, I’m a Newbie and I don’t even have a clue.

System: Windows 7 64bit

Wireshark is a fantastic program with very powerful features and I like it a lot; but, because of its extensive capabilities it does seem to have a steep learning curve and that’s OK I just need time to learn it.

However, I have a pressing issue with some unknown application that is consuming huge quantities of bandwidth (4GB, 2 days, 40% of monthly allotment). I have identified and blocked a range of offending IPs but other good programs also use some IPs out of that range. What I wish to do is identify the offending program and modify or delete it from the system. The problem is identifying that program.

QUESTION: How do I identify a host application that causes high bandwidth traffic?

asked 21 Oct '13, 09:49 Bluestar
2 Answers:
Use Process Explorer by MS, add network columns sends and receives, sort by sends or receives to see which process is using the most bandwidth.

answered 28 Nov '13, 16:06 tushar
Get a trace file -> open it with Wireshark -> Statistics -> check IPv4 tab -> identify the top talker -> go to other upper layer protocol tab, like TCP, UDP, etc. to identify a potential top talker.

answered 28 Nov '13, 18:13 SteveZhou
Is that incoming traffic to your web server or outgoing traffic from your clients?
You would not be able to identify the offending program using Wireshark. On a Windows PC, executing netstat -a -b as admin will give you a list of exes along with the ports they are using.
I may get kicked out from this forum for promoting Microsoft Netmon, but netmon 3.4 will show you what ports are being utilized by what executables.
http://blogs.technet.com/b/netmon/
@net_tech, no problem with mentioning Net Mon. Note it has now been replaced by Message Analyzer.
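
Added example, not part of the original thread: one way to combine the two suggestions above, matching the top-talker addresses read from Wireshark's statistics against the executables listed by `netstat -a -b`. It assumes the `-n` switch is added so addresses are numeric; the sample output, byte counts and function names are constructed for illustration.

```python
import re

# Constructed sample of `netstat -a -b -n` output (documentation-range IPs).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    192.168.1.10:49170     203.0.113.25:443       ESTABLISHED
 [updater.exe]
  TCP    192.168.1.10:49171     198.51.100.7:80        ESTABLISHED
 [browser.exe]
  TCP    192.168.1.10:49180     203.0.113.25:443       ESTABLISHED
  SomeService
 [svchost.exe]
  TCP    192.168.1.10:49190     203.0.113.99:443       TIME_WAIT
 Can not obtain ownership information
  UDP    0.0.0.0:5353           *:*
 [browser.exe]
"""
# Constructed byte counts per remote address, as read off Wireshark's statistics.
SAMPLE_TALKERS = {"203.0.113.25": 3_900_000_000, "198.51.100.7": 12_000_000}

CONN = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+\S+)?\s*$")
OWNER = re.compile(r"^\s*\[(.+)\]\s*$")

def parse_netstat_b(text):
    """Return (proto, local, remote, exe) rows; exe is None if no owner is shown."""
    rows, pending = [], None
    for line in text.splitlines():
        conn, owner = CONN.match(line), OWNER.match(line)
        if conn:
            if pending:                      # previous connection had no [exe] line
                rows.append(pending + (None,))
            pending = conn.groups()
        elif owner and pending:
            rows.append(pending + (owner.group(1),))
            pending = None
    if pending:
        rows.append(pending + (None,))
    return rows

def owners_of_top_talkers(rows, talkers):
    """For each top-talker IP (largest first), list executables connected to it."""
    report = []
    for ip, nbytes in sorted(talkers.items(), key=lambda kv: -kv[1]):
        exes = {exe or "<unknown>" for _, _, remote, exe in rows
                if remote.rsplit(":", 1)[0].strip("[]") == ip}
        report.append((ip, nbytes, sorted(exes)))
    return report

if __name__ == "__main__":
    for ip, nbytes, exes in owners_of_top_talkers(parse_netstat_b(SAMPLE_NETSTAT), SAMPLE_TALKERS):
        print(f"{ip:<16}{nbytes:>14,} bytes  {', '.join(exes) or 'no open connection'}")
```

When several executables talk to the same address, the per-address byte count cannot be split between them, so the result lists candidates rather than a single culprit.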