
Configuring Wireshark to ID Local Apps Downloading Thru svchost


Is there a way to configure Wireshark to display apps/programs on my PC that are using svchost.exe to download? I have Win10 set to pause updates for a month and have configured as many apps as I can to not automatically download updates or back up data remotely, yet I just went through over an hour where "something" downloaded 600MB via svchost. I have Norton 360 running and Malwarebytes and just ran both doing a full system scan and all is "clean". I did run netstat -b in an elevated cmd prompt but could not find the culprit there (difficult to look through anyway). Thanks!

NCBlacksmith
asked 2022-07-19 22:35:08 +0000

1 Answer


Wireshark cannot currently do this, but such a capture can be made using the built-in Windows capture tool PktMon.

The tool is available in Windows 10 builds 19041 (20H1) or later.

grahamb
answered 2022-07-20 18:53:46 +0000

Comments

Thanks a ton! Looking at the tool and commands right now.

NCBlacksmith (2022-07-20 22:10:00 +0000)
