Hi, does Wireshark help track which application is connecting to the internet, just like GeoIP where we know which IP the OS connects to? I think there is a rootkit installed on my laptop which connects to a "gay" network somewhere in Korea, "175.41.3.0 to 255". I don't want to format and re-install because all my office work is on the laptop. I tried to use the free version of Ad-Aware but no joy. Thanks if anyone knows how to do this.

debby.

asked 31 Jan '12, 21:47 debby dale
One Answer:
No, as of this writing, Wireshark does not yet provide this capability. The feature has been requested in bug 1184; however, it has not yet been implemented by anyone. You might look into using other tools instead, such as netstat or Microsoft's Network Monitor tool if you happen to be working on a Windows platform.

answered 31 Jan '12, 22:57 cmaynard
Still, Wireshark can help to see which port and destination IP are used in conversations, and the port number helps to track down the application using that port when doing netstat -ano or netstat -anb.
I will try MS Network Monitor because I'm using Win 7. Many thanks for your help.
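
The netstat -ano approach mentioned in the comments, as an added example that is not part of the original thread: a Python sketch that reads saved `netstat -ano` output and lists the owning PIDs of connections whose foreign address falls in a given range. The sample output, the function names and the /24 notation for the range in the question are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of Windows `netstat -ano` output, not captured from a real host.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    192.168.1.10:49712     175.41.3.17:443        ESTABLISHED     3120
  TCP    192.168.1.10:49713     175.41.3.200:80        TIME_WAIT       0
  TCP    192.168.1.10:49720     203.0.113.34:443       ESTABLISHED     2044
  TCP    192.168.1.10:49731     175.41.3.17:443        ESTABLISHED     3120
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:5353           *:*                                    1500
"""

def remote_address(endpoint):
    """Return the IP in 'addr:port' or '[v6]:port', or None for '*:*'."""
    host = endpoint.rpartition(":")[0].strip("[]").split("%")[0]
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        return None

def connections_to(netstat_text, cidr):
    """Map owning PID -> list of (proto, local, remote, state) inside cidr."""
    net = ipaddress.ip_network(cidr)
    hits = defaultdict(list)
    for line in netstat_text.splitlines():
        f = line.split()
        # Data rows start with TCP/UDP and end with a numeric PID.
        if len(f) < 4 or f[0] not in ("TCP", "UDP") or not f[-1].isdigit():
            continue
        state = f[3] if len(f) == 5 else ""   # UDP rows have no State column
        addr = remote_address(f[2])
        if addr is not None and addr.version == net.version and addr in net:
            hits[int(f[-1])].append((f[0], f[1], f[2], state))
    return dict(hits)

if __name__ == "__main__":
    # 175.41.3.0/24 is the range named in the question, written as a CIDR block.
    for pid, conns in sorted(connections_to(SAMPLE, "175.41.3.0/24").items()):
        for proto, local, remote, state in conns:
            print(f"PID {pid:>5}  {proto}  {local} -> {remote}  {state}")
```

A PID reported this way can be matched to an image name with `tasklist /FI "PID eq <pid>"`. PID 0 on a TIME_WAIT row means the owning process has already exited, so the capture has to be repeated while the connection is still established.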