I have a client that is on a limited Bandwith residential ISP with a daily allocation of 250MB up/down. The user has a PC running WIN 7 Home Premium. She has turned off all known "automatic update" configurations in all of the programs that are installed. But the bandwidth is still being consumed at an unacceptable rate. The PC was recently restored back to its out of box new condition and fresh copies of Windows 7 and Avast Internet Security were installed. Can Wireshark help her determine which Windows program(s) is the culprit? For the record, only one PC is connected to the home network and the ISP is HughesNet in Texas. Thanks. This question is marked "community wiki". asked 30 Aug '11, 10:37 wtg1953 edited 30 Aug '11, 12:20 helloworld |
One Answer:
Wireshark could be used to identify what traffic is being transferred and at what rate, but doesn't directly point to the process that is causing the traffic. You may be able to infer that from the traffic content. As you'll be likely to want this to run for some time, you may want to use dumpcap to do the capture so that the Wireshark UI isn't available for user "experimentation". Microsoft's Network Monitor can show you the process causing the traffic, and you can also use other tools such as TCPView or netstat to find out what process is using a port. answered 30 Aug '11, 11:06 grahamb ♦ edited 30 Aug '11, 13:36 |
I second TCPView.