Working out the total GB of data seen in a packet capture

asked 2024-02-08 03:56:08 +0000

mphaz gravatar image

updated 2024-02-08 03:59:54 +0000


I have a 32 min trace of a Windows 11 build connecting to the internet/Intune downloading software/config (not O/S). The trace in the Capture File Properties says in the Statistics section for Bytes shows 35548732 = 33MB which doesn't seem accurate as it downloaded Office in that time, and 11 other bits of software. Windows it's self says data used since build was 3GB over the network.

I run the wireshark trace at the host level and pointed it at Vswitch dedicated to a single VM guest, so all data flowing to that switch should be everything for the guest to send/receive, and 33M just doesn't seem right, so hopefully someone can tell me how to do this correctly!

edit retag flag offensive close merge delete