I would recommend that you use a utility such as TCPView (http://technet.microsoft.com/en-us/sysinternals/bb897437.aspx) to see what a specific application is doing.

It would be neat to see Wireshark extended to be able to capture traffic on a process and all sub-processes that are spawned - I would recommend that you enter that as a feature request.

Regards,
Frank

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Richard Sargent
Sent: Saturday, January 12, 2008 1:11 PM
To: wireshark-users@wireshark.org
Subject: [Wireshark-users] Capturing traffic resulting from running a new program

Most Windows machines seem to be very busy in terms of the amount of network traffic. Is it possible to set up a filter that basically says "ignore everything that is currently showing up"? It would make it so much easier to see what a new program is sending and receiving if you could focus on just its traffic.

I realize that such a filter would potentially lose some of the program's traffic when it was indistinguishable from that of another program. DNS lookup comes to mind, although even then, the new program is likely looking up different addresses from the already running programs.

While I suspect the answer is no, as it seems like a relatively tough problem, I appreciate any suggestions or answers.

Thank you in advance,
Richard Sargent
[EMAIL PROTECTED]
http://www.pendragonfarm.com/
_______________________________________________ Wireshark-users mailing list Wireshark-users@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-users
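
An added example, not part of either message above: one way to approximate the "ignore everything that is currently showing up" filter is to list the remote endpoints seen in a capture taken before the new program starts and turn them into a Wireshark display filter that hides them. The `BASELINE` list and the function name are constructed for illustration; port-53 traffic is left visible by default because the new program's lookups go to the same resolver as everyone else's, and any traffic the new program sends to a baseline endpoint is still hidden, as the question anticipates.

```python
import ipaddress

# Constructed sample: remote endpoints seen during a baseline capture taken
# before the new program was started (protocol, remote address, remote port).
BASELINE = [
    ("tcp", "192.0.2.10", 443),
    ("tcp", "192.0.2.10", 443),   # duplicate conversation, collapsed below
    ("udp", "192.0.2.53", 53),    # DNS to the local resolver
    ("tcp", "2001:db8::5", 80),
]


def baseline_exclusion_filter(flows, keep_dns=True):
    """Return a Wireshark display filter that hides the baseline endpoints.

    keep_dns=True skips port-53 entries so DNS stays visible in the capture.
    Returns an empty string (no filter) when nothing is left to exclude.
    """
    clauses = set()
    for proto, addr, port in flows:
        proto = proto.lower()
        if proto not in ("tcp", "udp"):
            raise ValueError(f"unsupported protocol: {proto!r}")
        if not 0 < port < 65536:
            raise ValueError(f"port out of range: {port!r}")
        if keep_dns and port == 53:
            continue
        ip = ipaddress.ip_address(addr)  # raises ValueError on a bad address
        field = "ip.addr" if ip.version == 4 else "ipv6.addr"
        clauses.add(f"({field} == {ip} && {proto}.port == {port})")
    if not clauses:
        return ""
    # Sorted so the same baseline always yields the same filter text.
    return "!(" + " || ".join(sorted(clauses)) + ")"


if __name__ == "__main__":
    print(baseline_exclusion_filter(BASELINE))
```

Paste the printed string into the display filter bar after starting the new program; what remains is traffic to endpoints that were not present in the baseline.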