I was taking some tutorials on Wireshark in order to analyze the packets sent and received when talking to a web server for purposes of learning.
When I start listening/recording packets in Wireshark, there were so many packages being recorded (700 packages per minute). Is it normal to have that much traffic if I have all the programs that will cause traffic, such as all browsers, LogMeIn, Dropbox, GoToMeeting, etc., closed?
In order to try to solve the problem I am analyzing random packets. Take for instance this filter:
I just selected a random IP: 74.125.130.99.
So how can I know from what program those packets were created? Also, how can I get more info about that communication between my computer (192.168.0.139) and that server (74.125.130.99)?
I just selected a random IP from the Wireshark capture. There are also other IPs that I have no idea why they are communicating with my computer. How can I figure that out?
If you do a whois on that IP address, it shows that it's owned by Google. – sblair – 2012-09-01T14:50:33.100
The command netstat -b -a on cmd is very helpful too! – Tono Nam – 2012-09-01T16:54:07.390
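As an added example (not part of the original thread): the netstat output mentioned in the comment can be parsed to list which executable owns the connections to an address seen in the Wireshark capture. It assumes the output was saved from an elevated prompt with `netstat -b -a -n` (the `-n` keeps addresses numeric so they match the capture); the sample text is constructed and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample of `netstat -b -a -n` output (not taken from the post).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    192.168.0.139:49231    74.125.130.99:443      ESTABLISHED
 [chrome.exe]
  TCP    192.168.0.139:49240    74.125.130.99:80       TIME_WAIT
  TCP    192.168.0.139:49255    203.0.113.7:443        ESTABLISHED
  WpnService
 [svchost.exe]
  UDP    0.0.0.0:5353           *:*
 [chrome.exe]
  TCP    192.168.0.139:49260    198.51.100.20:443      CLOSE_WAIT
 Can not obtain ownership information
"""

CONN = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")
OWNER = re.compile(r"^\s*\[(.+)\]\s*$")

def parse_netstat_b(text):
    """Return one dict per connection, tagged with its owning executable."""
    conns, current = [], None
    for line in text.splitlines():
        m = CONN.match(line)
        if m:
            proto, local, remote, state = m.groups()
            host, _, port = remote.rpartition(":")  # last colon, so IPv6 works
            current = {"proto": proto, "local": local, "state": state or "",
                       "remote_ip": host.strip("[]"), "remote_port": port,
                       "exe": "unknown"}
            conns.append(current)
            continue
        # Component names and "Can not obtain ownership information" lines
        # are skipped, so those connections keep exe == "unknown".
        o = OWNER.match(line)
        if o and current is not None:
            current["exe"] = o.group(1)
    return conns

def owners_of(text, remote_ip):
    """Map executable name -> set of remote ports it uses toward remote_ip."""
    result = defaultdict(set)
    for c in parse_netstat_b(text):
        if c["remote_ip"] == remote_ip:
            result[c["exe"]].add(c["remote_port"])
    return dict(result)

if __name__ == "__main__":
    print(owners_of(SAMPLE, "74.125.130.99"))
```

Connections reported as "unknown" are the ones netstat could not attribute, which is a reason to re-run the capture and the netstat snapshot at the same time.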