As correctly pointed out, a pcap does not contain process information. Although, if the network capture is made on a Windows system using the netsh command, you would get an ETL trace file (not a pcap) that does contain this information, and using the right tools you would get a pcap.

If you only have a pcap to go on, the first step is to look at which protocols were captured. This can be found in Statistics > Protocol Hierarchy.

Small question: please point out whether it is an academic exercise or not. It is not that we don't want to help you. I just don't want to do your homework, and if you are really having a security incident, let us know and we will try to help you further, but you will need things like Sysmon logs on the system and a bit of command-line kung fu to start with.
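As an added illustration of that first step (example code written for this page, not part of the answer above and not Wireshark's own code): a small Python script that parses a classic pcap file and counts frames per protocol path, roughly what Statistics > Protocol Hierarchy shows. The sample frames are constructed inline, and the port-to-protocol guesses (80 is http, 443 is tls, 53 is dns) are assumptions of this example; pcapng or ETL input is not handled, so convert those to pcap first.

```python
"""Count a protocol hierarchy from a classic pcap (added example, not from the original post)."""
import struct
import sys
from collections import Counter

PCAP_MAGIC = 0xA1B2C3D4          # classic pcap, microsecond timestamps
LINKTYPE_ETHERNET = 1


def build_pcap(frames):
    """Serialise raw Ethernet frames into a classic pcap byte string (used for the constructed sample)."""
    header = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    records = b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)
    return header + records


def iter_frames(data):
    """Yield (linktype, frame_bytes) for every record; handles both byte orders of the magic."""
    magic, = struct.unpack_from("<I", data, 0)
    if magic == PCAP_MAGIC:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"
    else:
        raise ValueError("not a classic pcap (pcapng or ETL input must be converted first)")
    linktype, = struct.unpack_from(endian + "I", data, 20)
    offset = 24
    while offset + 16 <= len(data):
        _, _, caplen, _ = struct.unpack_from(endian + "IIII", data, offset)
        offset += 16
        yield linktype, data[offset:offset + caplen]
        offset += caplen


def classify(linktype, frame):
    """Return the protocol path of one frame, e.g. 'eth:ip:tcp:tls' (port guesses are assumptions)."""
    if linktype != LINKTYPE_ETHERNET or len(frame) < 14:
        return "unknown"
    ethertype, = struct.unpack_from("!H", frame, 12)
    if ethertype == 0x0806:
        return "eth:arp"
    if ethertype == 0x86DD:
        return "eth:ipv6"
    if ethertype != 0x0800 or len(frame) < 34:
        return "eth:other"
    ihl = (frame[14] & 0x0F) * 4        # IPv4 header length in bytes
    proto = frame[23]                   # IPv4 protocol field
    l4 = 14 + ihl
    if proto == 6 and len(frame) >= l4 + 20:
        sport, dport = struct.unpack_from("!HH", frame, l4)
        if 80 in (sport, dport):
            return "eth:ip:tcp:http"
        if 443 in (sport, dport):
            return "eth:ip:tcp:tls"
        return "eth:ip:tcp"
    if proto == 17 and len(frame) >= l4 + 8:
        sport, dport = struct.unpack_from("!HH", frame, l4)
        return "eth:ip:udp:dns" if 53 in (sport, dport) else "eth:ip:udp"
    if proto == 1:
        return "eth:ip:icmp"
    return f"eth:ip:ipproto{proto}"


def protocol_hierarchy(data):
    """Map protocol path -> frame count for a whole pcap byte string."""
    return Counter(classify(lt, f) for lt, f in iter_frames(data))


# ---- constructed sample traffic (not a real capture) ----
def _ipv4(proto, payload):
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])) + payload


def _tcp(sport, dport):  # minimal 20-byte TCP header, SYN flag
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x02, 65535, 0, 0)


def _udp(sport, dport, payload):
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload


ETH_IP = b"\xaa" * 6 + b"\xbb" * 6 + b"\x08\x00"
ETH_ARP = b"\xff" * 6 + b"\xbb" * 6 + b"\x08\x06"
SAMPLE_FRAMES = [
    ETH_IP + _ipv4(6, _tcp(51000, 443)),
    ETH_IP + _ipv4(6, _tcp(443, 51000)),
    ETH_IP + _ipv4(6, _tcp(51001, 80)),
    ETH_IP + _ipv4(17, _udp(51002, 53, b"\x00" * 12)),
    ETH_ARP + b"\x00" * 28,
]
SAMPLE_PCAP = build_pcap(SAMPLE_FRAMES)

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_PCAP
    for path, count in sorted(protocol_hierarchy(data).items()):
        print(f"{path:24} {count}")
```

Run it with a pcap path as the first argument, or with no argument to see the counts for the constructed sample; for a real investigation you would run tshark or Wireshark's own dissectors instead, since this script only looks at Ethernet, IPv4 and a handful of well-known ports.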