This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Does Wireshark work on Lenovo Tablet with win8.0? (nothing captured)

0

I am trying to find out why "something" is downloading hundreds of kbytes of data as soon as the internet connection is established. This kills the satellite phone which is connected via USB, but I see the same spurious data on a bluetooth connected 3G phone.

I am running a new install of WS, with no filters configured, and it shows absolutely no activity. This is despite me having set Properties for both Winpcap and Wireshark (executables) to run as Admin, and my own account is an Admin account. I have also reinstalled WS by running the install program as Administrator. What I have not done is installed Winpcap individually, as Administrator, but I have set its installed executable to run as Administrator.

There is something fundamentally wrong. I see four interfaces listed

Local area connection 1

Wifi

Local Area connection 2

Bluetooth Network Connection

and all four, under Details, show "Disconnected", which is obviously wrong since I have a working and active connection to the bluetooth attached phone.

I have previously used WS under winXP and if I recall correctly it worked right away. It looks like the default config is NO filters, so the packet listing should show everything.

asked 21 Mar '14, 08:58


Peter Holtz
accept rate: 0%

edited 21 Mar '14, 09:27


2 Answers:

0

WinPcap doesn't support Bluetooth capturing. If the phone appears as a PPP connection, that won't work either, as WinPcap doesn't support capturing on PPP connections on Vista and later.

answered 21 Mar '14, 14:02


Guy Harris ♦♦
accept rate: 19%

0

I solved it finally with the win8 Resource Monitor. It shows traffic nicely, on all network connections.

What it often doesn't show is which process is generating the traffic. For example I see lots of small bits of data caused by PID 1424 but there is no obvious way to find which executable is PID 1424.

The issue was locating which win8 processes kill the connection to my satellite phone, which is only 9.6kbytes/sec. The biggest culprits turned out to be the Bing feature in IE10 (which can be uninstalled but you have to install another search engine first) and the Compatibility View feature in IE10 (which can be turned off, but it takes a while to find the checkbox). In comparison, Chrome is much worse and does a lot of background chatter and there is no way to disable it.

answered 24 Mar '14, 03:10


Peter Holtz
accept rate: 0%
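
Added example (not part of the original answers): one way to resolve a PID seen in Resource Monitor, such as the PID 1424 mentioned above, to its executable, the services it hosts, and its current remote TCP endpoints. It assumes the networking and CIM cmdlets that ship with Windows 8 (PowerShell 3.0); the function name Resolve-NetworkPid is hypothetical.

```powershell
# Added example. 1424 is the PID quoted in the answer above; pass any PID of interest.
# Run from an elevated prompt, otherwise Path is empty for processes of other users.
function Resolve-NetworkPid {
    param([Parameter(Mandatory)][int[]]$ProcessId)

    foreach ($id in $ProcessId) {
        $proc = Get-Process -Id $id -ErrorAction SilentlyContinue

        # A single svchost.exe PID can host several services; list them by name.
        $services = Get-CimInstance Win32_Service -Filter "ProcessId = $id" |
            Select-Object -ExpandProperty Name

        # Remote endpoints this PID currently holds TCP connections to,
        # ignoring listeners and loopback.
        $remotes = Get-NetTCPConnection -ErrorAction SilentlyContinue |
            Where-Object { $_.OwningProcess -eq $id -and
                           $_.RemoteAddress -notin '0.0.0.0', '::', '127.0.0.1', '::1' } |
            ForEach-Object { '{0}:{1}' -f $_.RemoteAddress, $_.RemotePort } |
            Sort-Object -Unique

        [pscustomobject]@{
            PID      = $id
            Name     = if ($proc) { $proc.ProcessName } else { '<exited>' }
            Path     = if ($proc) { $proc.Path } else { $null }
            Services = $services -join ', '
            Remote   = $remotes -join ', '
        }
    }
}

# One PID:
Resolve-NetworkPid -ProcessId 1424 | Format-List

# Every PID that currently owns a TCP connection or a UDP endpoint:
$ids = (@(Get-NetTCPConnection) + @(Get-NetUDPEndpoint)) |
    Select-Object -ExpandProperty OwningProcess |
    Sort-Object -Unique
Resolve-NetworkPid -ProcessId $ids | Format-Table -AutoSize -Wrap
```

The output is a point-in-time snapshot, so short-lived connections only appear if the function runs while they are open.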