This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Summarising network traffic

0

Hi, I'm using a Windows 10 laptop with performance monitor and see occasional network spikes. Is there a Wireshark filter I can use to see what's using the bandwidth? It'd be ideal to be able to identify that 50% of all packets are related to application X or going to IP 192.168.1.1.

Thanks

asked 16 Nov '16, 03:39

aetius
accept rate: 0%


One Answer:

1

Have you tried to use Statistics -> Conversations and sort the lines by Packets or Bytes, A->B or B->A, by clicking the header of the respective column?

Wireshark won't tell you which application is responsible for particular traffic; for that, other tools exist in Windows (I don't remember the name of the one you need in particular, sorry). Indirectly, you can identify applications by the port used at the server side.

answered 16 Nov '16, 03:50

sindy
accept rate: 24%

Thanks, I'll give that a go

(16 Nov '16, 04:11) aetius

Use "netstat -ano" to view all active and listening sockets along with the PID using that socket. Then use "Task Manager" to view the PID and associated application or service.

(16 Nov '16, 15:46) Rooster_50
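
The two suggestions in this thread (Statistics -> Conversations and "netstat -ano") can be combined to get the per-application share the question asks for. The following is an added example, not code from any poster or from Wireshark: it joins conversation byte counts to the PID owning each local socket. The netstat text and the conversation rows are constructed samples, and the tuple layout for the rows is an assumption (values copied by hand from the Conversations window). Because netstat is a snapshot, conversations whose socket has already closed are grouped under `None`.

```python
from collections import defaultdict

# Constructed sample of `netstat -ano` output (Windows column layout).
NETSTAT = """\
Active Connections
  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.20:49712     192.168.1.1:443        ESTABLISHED     4312
  TCP    192.168.1.20:49730     203.0.113.10:443       ESTABLISHED     7120
  TCP    [::1]:49670            [::]:0                 LISTENING       2044
  UDP    0.0.0.0:5353           *:*                                    1760
"""

# Constructed rows: (address A, port A, address B, port B, total bytes).
CONVERSATIONS = [
    ("192.168.1.20", 49712, "192.168.1.1", 443, 600_000),
    ("192.168.1.20", 49730, "203.0.113.10", 443, 300_000),
    ("192.168.1.20", 49801, "198.51.100.7", 80, 100_000),  # socket already closed
]

def split_endpoint(text):
    """Split 'addr:port' (IPv4 or bracketed IPv6) into (addr, port)."""
    addr, _, port = text.rpartition(":")
    return addr.strip("[]"), port

def parse_netstat(output):
    """Map (proto, local addr, local port) -> PID for each socket line."""
    sockets = {}
    for line in output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] not in ("TCP", "UDP"):
            continue  # skip the banner and the column header
        addr, port = split_endpoint(fields[1])
        sockets[(fields[0], addr, int(port))] = int(fields[-1])  # PID is the last column
    return sockets

def bytes_by_pid(conversations, sockets, proto="TCP"):
    """Sum conversation bytes per owning PID; key None = no matching socket."""
    totals = defaultdict(int)
    for a_addr, a_port, b_addr, b_port, nbytes in conversations:
        # Either side of the conversation may be the local socket.
        pid = sockets.get((proto, a_addr, a_port), sockets.get((proto, b_addr, b_port)))
        totals[pid] += nbytes
    return dict(totals)

def shares(totals):
    """Convert byte totals to percentages of all listed bytes."""
    grand = sum(totals.values())
    return {pid: round(100 * n / grand, 1) for pid, n in totals.items()}

print(shares(bytes_by_pid(CONVERSATIONS, parse_netstat(NETSTAT))))
```

The PIDs in the result are then looked up in Task Manager, as described in the comment above.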