This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

How to identify high throughput applications

0

Yep, I’m a Newbie and I don’t even have a clue.

System: Windows 7 64bit

Wireshark is a fantastic program with very powerful features and I like it a lot; but, because of its extensive capabilities it does seem to have a steep learning curve and that’s OK I just need time to learn it.

However, I have a pressing issue with some unknown application that is consuming huge quantities of bandwidth (4GB, 2 days, 40% of monthly allotment). I have identified and blocked a range of offending IPs but other good programs also use some IPs out of that range. What I wish to do is identify the offending program and modify or delete it from the system. The problem is identifying that program.

QUESTION: How do I identify a host application that causes high bandwidth traffic?

asked 21 Oct '13, 09:49


Bluestar
11112
accept rate: 0%

Is that incoming traffic to your web server or outgoing traffic from your clients?

(21 Oct '13, 11:06) Kurt Knochner ♦

You would not be able to identify the offending program using Wireshark. On a Windows PC, executing netstat -a -b as admin will give you a list of exes along with the ports they are using.

(22 Oct '13, 14:04) net_tech

I may get kicked out from this forum for promoting Microsoft Netmon, but netmon 3.4 will show you what ports are being utilized by what executables.

http://blogs.technet.com/b/netmon/

(28 Nov '13, 08:11) net_tech

@net_tech, no problem with mentioning Net Mon. Note it has now been replaced by Message Analyzer.

(28 Nov '13, 09:10) grahamb ♦

2 Answers:

0

Use Process Explorer by MS, add the network columns Sends and Receives, and sort by sends or receives to see which process is using the most bandwidth.

answered 28 Nov '13, 16:06


tushar
11224
accept rate: 0%

0

Get a trace file -> open it with Wireshark -> Statistics -> check IPv4 tab -> identify the top talker -> go to other upper layer protocol tab, like TCP, UDP, etc. to identify a potential top talker.

answered 28 Nov '13, 18:13


SteveZhou
191273034
accept rate: 0%
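
The two suggestions in this thread (netstat's port-to-executable listing and the top-talker view of a capture) can be joined to rank executables by captured bytes. The following is an added example, not code from any poster: the netstat text and packet rows are constructed samples, the netstat sample assumes the numeric `-n` flag was added to `netstat -a -b`, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample of `netstat -a -b -n` output (not from the thread).
NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    192.168.1.10:49712     203.0.113.5:443        ESTABLISHED
 [updater.exe]
  TCP    192.168.1.10:49720     198.51.100.7:80        ESTABLISHED
 [browser.exe]
  TCP    192.168.1.10:49733     203.0.113.9:443        ESTABLISHED
  Can not obtain ownership information
"""

# Constructed capture rows: (src ip, src port, dst ip, dst port, frame length).
PACKETS = (
    [("192.168.1.10", 49712, "203.0.113.5", 443, 120)]
    + [("203.0.113.5", 443, "192.168.1.10", 49712, 1500)] * 40
    + [("192.168.1.10", 49720, "198.51.100.7", 80, 400)]
    + [("198.51.100.7", 80, "192.168.1.10", 49720, 1500)] * 3
    + [("203.0.113.9", 443, "192.168.1.10", 49733, 900)]
    + [("192.168.1.10", 50000, "192.0.2.1", 53, 80)]
)

CONN = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)")
OWNER = re.compile(r"^\s*\[(.+)\]\s*$")

def parse_netstat(text):
    """Map (local ip, local port) -> executable named on the following [..] line."""
    owners, pending = {}, None
    for line in text.splitlines():
        m = CONN.match(line)
        if m:
            pending = (m.group(2), int(m.group(3)))
            owners[pending] = "unknown"   # kept if netstat shows no owner
            continue
        m = OWNER.match(line)
        if m and pending:
            owners[pending] = m.group(1)
            pending = None
    return owners

def bytes_by_process(packets, owners):
    """Sum frame lengths per executable, counting both directions of a socket."""
    totals = defaultdict(int)
    for src, sport, dst, dport, length in packets:
        exe = owners.get((src, sport)) or owners.get((dst, dport)) or "not in netstat"
        totals[exe] += length
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)
```

netstat is a point-in-time snapshot, so sockets that opened and closed between snapshots land in the "not in netstat" bucket; taking the listing while the capture is running narrows that gap.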