First time here? Check out the FAQ!
THIS IS A TEST INSTANCE. Feel free to ask and answer questions, but take care to avoid triggering too many notifications.
Ask Your Question
0

how to prevent a program from closing wireshark?

I am trying to capture packets from a specific program but every time I try and open the program while wireshark is running it automatically closes wireshark and the program im trying to capture packets from. I'm assuming its searching for wireshark.exe in my task manager but I dont know how to bypass this so it stops closing wireshark.

  • I have tried renaming wireshark but it still shows up in my task manager (windwos 10) as wireshark.
  • I have also tried to open the program first and then open wireshark but it still closes both as soon as I run wireshark

Anyone have any ideas?

anonymous user
asked 2018-07-07 21:06:38 +0000, updated 2018-07-07 21:08:18 +0000
edit flag offensive 0 remove flag close merge delete

Comments

This would be a question for a hacker or anti malware forum, because could relate to any program in a Windows system. It has nothing specifically to do with Wireshark. You even left out naming the specific program.

Jaap's avatar Jaap (2018-07-08 05:00:48 +0000) edit
more
  • delete
add a comment see more comments

1 Answer

1

Usually that kind of behavior is seen in malicious programs, or when computer games or other legit software tries to prevent reverse engineering of the game communication patterns.

The easiest way to still get the packets would be to capture not on the computer running the software itself, but on the network, e.g. via SPAN port or TAP. That way the program cannot notice that the communication is captured. See also https://wiki.wireshark.org/CaptureSet...

Jasper's avatar
24.1k
Jasper
answered 2018-07-09 00:05:10 +0000
edit flag offensive 0 remove flag delete link
more

Comments

add a comment see more comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account. This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss.

Add Answer