This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

I am trying to find out why "something" is downloading hundreds of kbytes of data as soon as the internet connection is established. This kills the satellite phone which is connected via USB, but I see the same spurious data on a bluetooth connected 3G phone.

I am running a new install of WS, with no filters configured, and it shows absolutely no activity. This is despite me having set Properties for both WinPcap and Wireshark (executables) to run as Admin, and my own account is an Admin account. I have also reinstalled WS by running the install program as Administrator. What I have not done is install WinPcap individually, as Administrator, but I have set its installed executable to run as Administrator.

There is something fundamentally wrong. I see four interfaces listed:

Local area connection 1

Wifi

Local Area connection 2

Bluetooth Network Connection

and all four, under Details, show "Disconnected", which is obviously wrong since I have a working and active connection to the Bluetooth-attached phone.

I have previously used WS under winXP and if I recall correctly it worked right away. It looks like the default config is NO filters, so the packet listing should show everything.

asked 21 Mar '14, 08:58


Peter Holtz

edited 21 Mar '14, 09:27


WinPcap doesn't support Bluetooth capturing. If the phone appears as a PPP connection, that won't work either, as WinPcap doesn't support capturing on PPP connections on Vista and later.


answered 21 Mar '14, 14:02


Guy Harris ♦♦

I solved it finally with the win8 Resource Monitor. It shows traffic nicely, on all network connections.

What it often doesn't show is which process is generating the traffic. For example I see lots of small bits of data caused by PID 1424 but there is no obvious way to find which executable is PID 1424.

The issue was locating which win8 processes kill the connection to my satellite phone, which is only 9.6kbytes/sec. The biggest culprits turned out to be the Bing feature in IE10 (which can be uninstalled but you have to install another search engine first) and the Compatibility View feature in IE10 (which can be turned off, but it takes a while to find the checkbox). In comparison, Chrome is much worse and does a lot of background chatter and there is no way to disable it.


answered 24 Mar '14, 03:10


Peter Holtz
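On the open point in the answer above (Resource Monitor shows a PID but not its executable), here is an added example that is not part of the original thread: a PowerShell listing that resolves every PID owning an established TCP connection to its image path and, for shared `svchost.exe` hosts, the services running inside it. It assumes Windows 8 or later (for `Get-NetTCPConnection`) and an elevated prompt.

```powershell
# Added example, not from the original thread.
# Run elevated so that service processes and other users' processes resolve to a path.

# Index running processes by PID; Win32_Process carries the full image path.
$procs = @{}
Get-CimInstance -ClassName Win32_Process |
    ForEach-Object { $procs[[int]$_.ProcessId] = $_ }

# Index services by hosting PID, since one svchost.exe can host several services.
$svcs = @{}
Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.ProcessId -ne 0 } |
    ForEach-Object { $svcs[[int]$_.ProcessId] += @($_.Name) }

# One row per process that currently owns an established TCP connection.
# UDP-only traffic is not covered here; Get-NetUDPEndpoint also reports OwningProcess.
Get-NetTCPConnection -State Established |
    Group-Object -Property OwningProcess |
    ForEach-Object {
        $id = [int]$_.Name
        $p  = $procs[$id]
        [pscustomobject]@{
            ProcessId   = $id
            Name        = if ($p) { $p.Name } else { '(exited)' }
            Path        = if ($p) { $p.ExecutablePath } else { $null }
            Services    = ($svcs[$id] -join ',')
            Connections = $_.Count
            Remotes     = ($_.Group |
                           ForEach-Object { "$($_.RemoteAddress):$($_.RemotePort)" } |
                           Sort-Object -Unique) -join ' '
        }
    } |
    Sort-Object -Property Connections -Descending |
    Format-Table -AutoSize -Wrap
```

A row whose Name is `svchost.exe` is identified by its Services column rather than by its path, which is the same for every service host.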

question asked: 21 Mar '14, 08:58

question was seen: 2,338 times

last updated: 24 Mar '14, 03:10