Ask Your Question

Configuring Wireshark to ID Local Apps Downloading Thru svchost

asked 2022-07-19 22:35:08 +0000

Is there a way to config WIRESHARK to display apps/programs on my PC that are using svchost.exe to download. I have Win10 set to pause updates for a month and have configured as many apps as I can to not automatically download updates or backup data remotely, yet I just went thru over an hour where "something" downloaded 600MB via svchost. I have Norton 360 running and Malwarebytes and just ran both doing full system scan and all is "clean". I did run netstat -b in elevated cmd prompt but could not find culprit there (difficult to look through anyway). Thanks!

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted

answered 2022-07-20 18:53:46 +0000

grahamb gravatar image

Wireshark cannot currently do this, but such capture can be made using the built-in Windows capture tool PktMon.

The tool is available in Windows 10 builds 19041 (20H1) or later

edit flag offensive delete link more


Thanks a ton! Looking at the tool and commands right now.

NCBlacksmith gravatar imageNCBlacksmith ( 2022-07-20 22:10:00 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower


Asked: 2022-07-19 22:35:08 +0000

Seen: 108 times

Last updated: Jul 20 '22