This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Hi, I'm using a Windows 10 laptop with performance monitor and see occasional network spikes. Is there a WireShark filter I can use to see what's using the bandwidth? It'd be ideal to be able to identify that 50% of all packets are related to application X or going to IP 192.168.1.1.

Thanks

asked 16 Nov '16, 03:39

aetius's gravatar image

aetius
6112
accept rate: 0%


Have you tried to use Statistics -> Conversations and sort the lines by Packets or Bytes, A->B or B->A, by clicking the header of the respective column?

Wireshark won't tell you which application is responsible for a particular traffic; for that, other tools exist in Windows (I don't remember the name of the one you need in particular, sorry). Indirectly, you can identify applications by the port used at server side.

permanent link

answered 16 Nov '16, 03:50

sindy's gravatar image

sindy
6.0k4851
accept rate: 24%

Thanks, I'll give that a go

(16 Nov '16, 04:11) aetius

use "netstat -ano" to view all active and listening sockets along with the PID using that socket. Then use "Task Manager" to view the PID and associated application or service.

(16 Nov '16, 15:46) Rooster_50
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×57
×11
×6

question asked: 16 Nov '16, 03:39

question was seen: 1,038 times

last updated: 16 Nov '16, 15:46

p​o​w​e​r​e​d by O​S​Q​A