¿what is the windows event when run wireshark? asked 05 Jun '14, 02:22  agonsed |
One Answer:
There is no special windows event for Wireshark, but if you enable Security Audit Logging on Windows, it will log every process start with the event ID 4688. The log entry contains the process name, user, etc.
Regards answered 05 Jun '14, 13:41  Kurt Knochner ♦ |
Your question doesn't make much sense to me, can you try to describe your issue another way?
I guess he wants to know what event ID shows up in the windows event log when Wireshark is run. Probably to be able to detect if anyone is using Wireshark unauthorized.