I would like to know if it is possible in WireShark to monitor ONLY the activity coming from a single software.
p.e. if I use CSVpad.exe, how can I monitor all activity from CSVpad?
Asked
Active
Viewed 1.5k times
2 Answers
5
Find out what port number the application in question is using and apply a port filter to the capture. Two applications cannot use the same port, so it will be unique.
To find which port your application is using, launch a command prompt as Administrator and run netstat -a -b.
You can add a filter under Capture > Capture Filters...
Then go to Capture > Options and apply the filter to your interface
If you need to capture multiple ports, you can do so like this:
Layne B
- 1,681
4
As far as I'm aware this still isn't possible to do with Wireshark. There is a long-standing enhancement bug request for this feature to be added though in case you want to track it. It's Wireshark Bug 1184.
I believe Microsoft Message Analyzer, the successor to Microsoft Network Monitor, supports this though, although I've never experimented with it myself.
