This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

I can no longer use google search . It says that my network is sending automatic requests. I discovered wireshark and I want to ask if I can use it to know what computer (lan ip) is sending all this queries to google. Maybe it has a virus or something.

If It's possible to do this, how do I do it ? Im not a network specialist.

asked 25 Nov '13, 01:41

Loling%20Stones's gravatar image

Loling Stones
16112
accept rate: 0%

edited 26 Nov '13, 04:44

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237


It's possible for this to happen when you are using a proxy server; therefore, what I would suggest you do first is connect to Google through another internet connection to further see if it is the LAN that's actually causing this. I am still new to Wireshark as well, so I'd like to know the answer to your question as well. (:

Good Luck!

permanent link

answered 25 Nov '13, 06:15

GasShark's gravatar image

GasShark
112
accept rate: 0%

Here is what google recommends to identify the problem.

https://support.google.com/websearch/answer/86640

UPDATE

And what google recommends (installing a few malware /antivirus and scaning for malicios software) is not viable

O.K. then you need to capture the traffic in front of your internet router (LAN side). Please read the following wiki how to do that

http://wiki.wireshark.org/CaptureSetup/Ethernet#Capture_using_a_monitor_mode_of_the_switch

You will need to mirror/monitor the switch port where your internet router is connected to. If you don't have a switch with port mirroring, these are your options:

As soon as you can capture traffic, you need to run that capture for some time (maybe a few minutes, maybe a few hours, maybe days - if the offending device is currently switched off).

BEWARE: You cannot simply run Wireshark for several hours/days, as your system will run out of RAM. Instead, please use dumpcap to capture only traffic to google servers (based on IP ranges). Please read the Wireshark docs to figure out how that works!

http://www.wireshark.org/docs/

Regards
Kurt

permanent link

answered 25 Nov '13, 06:43

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%

edited 26 Nov '13, 04:46

The problem exists on all lan's devices, not just a computer. And what google recommends (installing a few malware /antivirus and scaning for malicios software) is not viable if for example you got 50 pcs (i dont have that many) in the network. Also a lot of pcs got top-end antivirus software, so it can be other reason for the high requests sent to google.

I was able to bypass this issue using different google servers (not the one given by DNS), but It would be nice to know how to use Wireshark to find the root of the problem.

(26 Nov '13, 04:16) Loling Stones

see the UPDATE in my answer.

(26 Nov '13, 04:41) Kurt Knochner ♦
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×16
×1

question asked: 25 Nov '13, 01:41

question was seen: 4,861 times

last updated: 26 Nov '13, 04:46

p​o​w​e​r​e​d by O​S​Q​A