
Application grouped traffic?

asked 2025-09-01 06:34:21 +0000

I'm not a well-informed Wireshark user (apologies in advance if this is a stupid question)... I hope for a means of identifying which application is creating WAN traffic. When I see network traffic go through the roof, I want to know what's causing it. Windows Task Manager often shows "Background Task Host", allowing the ultimately responsible application to remain anonymous. If I were trying to figure out whether I had a rogue application sharing my information with an intelligence-gathering agency (that knew how to 'fool' Windows Defender and every other Internet security app), I'd want to identify the application or shim responsible. If Wireshark isn't the appropriate tool, please educate me on what would be.

Thanks, Mike


1 Answer


answered 2025-09-01 23:12:41 +0000

Bob Jones

Wireshark might not be the best choice for something like this. There are some options here. Note that if your level of paranoia is at the nation-state level, nothing running on the potentially compromised host should be trusted to provide you accurate information.

In this case you could put a network capture system with Wireshark external to this potentially-compromised system under review and start with that traffic as your initial information source. Not a direct link to the application that created it, but at least you have the traffic profile. Encrypted traffic in this case is problematic for you since you won't be able to tell the content to make a final determination of normal or suspicious.

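The external-capture approach from the answer above, as an added example that is not part of the original thread: a capture taken off-host is reduced to bytes per remote endpoint, a traffic profile that still works when the payload is encrypted. The pcap contents, addresses and function names are constructed for illustration.

```python
import socket
import struct
from collections import Counter

def build_frame(src, dst, proto, sport, dport, payload_len):
    """Constructed Ethernet/IPv4 frame with a shortened L4 header (not real traffic)."""
    l4 = struct.pack("!HH", sport, dport) + b"\x00" * (4 + payload_len)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + l4

def build_pcap(frames):
    """Wrap frames in a classic little-endian pcap file (linktype 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, frame in enumerate(frames):
        out += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return out

def traffic_profile(pcap, host):
    """Return Counter {(remote_ip, ip_proto, remote_port): bytes} for the monitored host."""
    magic, _, _, _, _, _, linktype = struct.unpack_from("<IHHiIII", pcap, 0)
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("expected a little-endian Ethernet pcap")
    totals, off = Counter(), 24
    while off + 16 <= len(pcap):
        _, _, caplen, origlen = struct.unpack_from("<IIII", pcap, off)
        frame, off = pcap[off + 16: off + 16 + caplen], off + 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # not IPv4
        ihl, proto = (frame[14] & 0x0F) * 4, frame[23]
        if proto not in (6, 17) or len(frame) < 14 + ihl + 4:
            continue  # only TCP and UDP carry ports
        src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
        sport, dport = struct.unpack_from("!HH", frame, 14 + ihl)
        if src == host:
            totals[(dst, proto, dport)] += origlen  # outbound: remote is destination
        elif dst == host:
            totals[(src, proto, sport)] += origlen  # inbound: remote is source
    return totals

# Constructed sample: one monitored host talking to documentation-range addresses.
SAMPLE = build_pcap([
    build_frame("192.168.1.50", "203.0.113.10", 6, 50000, 443, 1200),
    build_frame("203.0.113.10", "192.168.1.50", 6, 443, 50000, 100),
    build_frame("192.168.1.50", "198.51.100.7", 17, 50001, 53, 40),
    build_frame("192.168.1.50", "203.0.113.10", 6, 50000, 443, 1200),
])

if __name__ == "__main__":
    for (ip, proto, port), n in traffic_profile(SAMPLE, "192.168.1.50").most_common():
        print(f"{ip:15} proto={proto} port={port} bytes={n}")
```

The profile is keyed on the remote endpoint only; as the answer notes, it does not link traffic to the application that produced it.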
