This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Can I use this to detect if I have spyware on my PC?

0

And if so, can I see exactly what data is being transmitted and to what IP? Also, can I get additional info on the IP, like country and service provider, and have the option to block any further communication?

asked 03 Nov '13, 02:06

leebonolo
1111
accept rate: 0%


One Answer:

0

You can use Wireshark to record what your PC is receiving and sending, unless you have a very sophisticated malware infection that manages to either

  • prevent Wireshark from running in the first place
  • cease its communication while the capture is running
  • or hide the packets from Wireshark

All three are not very likely because most spyware is too stupid to care. If you capture all communication from your PC you can use GeoIP databases to find the location of the other system (if it is known).

You might want to check my blog for the following posts that may help:

http://blog.packet-foo.com/2013/04/the-packet-analysts-self-check/

http://blog.packet-foo.com/2013/05/wireshark-geoip-resolution-setup/

answered 03 Nov '13, 02:24

Jasper ♦♦
23.8k551284
accept rate: 18%
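
An added example, not part of the answer above: once a capture exists, one way to see which remote addresses the PC sent data to is to export three fields with tshark and total the outbound bytes per destination. The local address, the LAN prefix, and the sample lines are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample (not real traffic): tab-separated output of
#   tshark -r capture.pcapng -T fields -e ip.src -e ip.dst -e frame.len
SAMPLE = (
    "192.168.1.20\t203.0.113.7\t1514\n"
    "203.0.113.7\t192.168.1.20\t66\n"        # reply, inbound
    "192.168.1.20\t203.0.113.7\t1514\n"
    "192.168.1.20\t198.51.100.9\t120\n"
    "192.168.1.20\t192.168.1.1\t90\n"        # traffic to the local router
    "\t\t60\n"                               # non-IP frame (e.g. ARP): empty fields
    # ICMP error: tshark joins the outer and embedded IP headers with commas
    "198.51.100.9,192.168.1.20\t192.168.1.20,198.51.100.9\t590\n"
)

def outbound_by_remote(lines, local_ip, local_net):
    """Return [(remote_ip, packets, bytes)] sent by local_ip to hosts
    outside local_net, largest byte count first."""
    local = ipaddress.ip_address(local_ip)
    lan = ipaddress.ip_network(local_net)
    totals = defaultdict(lambda: [0, 0])
    for line in lines:
        fields = line.rstrip("\r\n").split("\t")
        if len(fields) != 3 or not all(fields):
            continue                          # skip frames without an IPv4 header
        # Use the first occurrence only: that is the outer IP header.
        src = ipaddress.ip_address(fields[0].split(",")[0])
        dst = ipaddress.ip_address(fields[1].split(",")[0])
        if src != local or dst in lan or dst.is_multicast:
            continue                          # inbound, LAN-only or multicast
        totals[str(dst)][0] += 1
        totals[str(dst)][1] += int(fields[2])
    return sorted(((ip, p, b) for ip, (p, b) in totals.items()),
                  key=lambda row: row[2], reverse=True)

if __name__ == "__main__":
    rows = outbound_by_remote(SAMPLE.splitlines(), "192.168.1.20", "192.168.1.0/24")
    for ip, pkts, size in rows:
        print(f"{ip:15} {pkts:5} packets {size:8} bytes")
```

The addresses at the top of the list are the ones worth looking up in a GeoIP database and inspecting in Wireshark with a display filter such as `ip.addr == 203.0.113.7`.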