How to determine what program send the packet recorded in Wireshark?

Posted by Tono Nam on Super User See other posts from Super User or by Tono Nam
Published on 2012-09-01T14:41:00Z Indexed on 2012/09/01 15:40 UTC
Read the original article Hit count: 226

Filed under:

networking

|

wireshark

I was taking some tutorials on Wireshark in order to analyze the packets sent and received when talking to a web server for purposes of learning.

When I start listening/recording packets in Wireshark, there where so many packages being recorded (700 packages per minute). Is it normal to have that much traffic if I have all the programs that will cause traffic such as all browsers, log me in, dropbox, goto meeting, etc., closed?

In order to try to solve the problem I am analyzing random packets. Take for instance this filter:

enter image description here

I just selected a random IP: 74.125.130.99.

So how can I know from what program those packets where created? Also how can I get more info about that communication bwtween my computer (192.168.0.139) and that server (74.125.130.99)?

I just selected a random IP from the Wireshark capture. There are also other IPs that I have no idea why they are communicating with my computer. How can I figure that out?

© Super User or respective owner

Related posts about networking

Networking stopped working on Ubuntu

as seen on Super User - Search for 'Super User'
I installed Ubuntu 10.04 through the Wubi installer (Funny, I installed it today and thought I would have gotten 10.10). I had a network connection and everything was working fine. I rebooted my coumputer a couple of times and then suddenly, I could not connect to the network and when I click the… >>> More
Troubles with start up defenition of networking service in Ubuntu

as seen on Super User - Search for 'Super User'
I use Ubuntu 12.04.1. I put attention that networking script starting in runlevel 0: user@comp:/etc/rc0.d$ chkconfig -l networking networking 0:on 1:off 2:off 3:off 4:off 5:off 6:off When I try to move it working to appropriate run levels I get error: user@comp:/etc/rc0… >>> More
Installing the Elgg Social Networking CMS

as seen on Internet.com - Search for 'Internet.com'
One Open Source CMS that stands out above the rest for small businesses and personal networks is the Elgg open source "social engine," which can be used to create social applications. Scott Clark shows you how to install and get started with this social networking CMS. >>> More
OAuth: Token-Based Authorization for the Social Networking Age

as seen on Internet.com - Search for 'Internet.com'
The OAuth token-based authorization system allows users to grant third-party access to their resources without sharing their usernames and passwords. It's perfect for the age of data scattered across many social networking sites. >>> More
OAuth: Token-Based Authorization for the Social Networking Age

as seen on Internet.com - Search for 'Internet.com'
The OAuth token-based authorization system allows users to grant third-party access to their resources without sharing their usernames and passwords. It's perfect for the age of data scattered across many social networking sites. >>> More

Related posts about wireshark

wireshark http POST

as seen on Server Fault - Search for 'Server Fault'
Hi I would like to have a http POST request method CAPTURE filter I know it is easy to do it by display filter http.request.method==POST but I need tcpdump compatible I wrote tcp dst port 80 and (tcp[13] = 0x18) But it is not perfect... tcp dst port 80 and (tcp[((tcp[12:1] & 0xf0) 2):4] =… >>> More
How to filter http traffic in Wireshark?

as seen on Server Fault - Search for 'Server Fault'
I suspect my server has a huge load of http requests from its clients. I want to measure the volume of http traffic. How can I do it with Wireshark? Or probably there is an alternative solution using another tool? This is how a single http request/response traffic looks in Wireshark. The ping is… >>> More
Wireshark is not capturing traffic through http://localhost:8888

as seen on Super User - Search for 'Super User'
Currently, my wireshark can capture traffic from http://localhost (traffic that is on port 80) but it won't capture traffic on localhost:8888 Is there any extra configuration/software that I need for wireshark to capture traffic of localhost on this port? I'm running Ubuntu 9.10 >>> More
Multi language support in wireshark

as seen on Super User - Search for 'Super User'
Do we have multiple language support with Wireshark. We are using Windows Xp SP2 and Ubuntu Linux environment. Actually we have a plugin which is UDP based and we have a requirement to Analyse the Information in Packet List Pane and Packet Details Pane to be viewed in other languages like French… >>> More
Saving Wireshark capture settings for future use

as seen on Server Fault - Search for 'Server Fault'
Is there any way to save Wireshark capture options? So it can be reuse after restart Wireshark. Also, if the saved file is in plain text, it's possible to use scripts generating bunch of capture settings, such with different filter setting. Does anyone know? Thanks. >>> More