 | 1 | initial version |
As correctly pointed out a pcap does not contain process information. Although if the network capture is made on a Windows system using the netsh command you would get an ETL trace file (not a pcap) that does contain this information and using the right tools you would get a pcap.
If you only have a pcap to go on, the first step is to look at which protocols where captured. This can be found in the statistics > protocol hierarchy.
Small question, please point out if it is an academic exercise or not. It is not that we don't want to help you. I just don't want to make your homework and if you are really having a security incident let us know and we will try to help you further but you will need things like sysmon logs on the system and a bit of command line kung fu to start with.
Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
