Wireshark mailing list archives
Finding an intruder
From: Steve Matzura <sm () noisynotes com>
Date: Wed, 14 Dec 2016 21:06:55 -0500
New to the list, been using some version of the Shark way back to Ethernim days, so I'm familiar with its capabilities. It's become quite sophisticated lately, hence the following problem description and question.

A friend has a cable Internet provider with data caps. Lately, he's been getting nastygrams from them that he's exceeded those caps, and it's only two weeks into his billing month. Something somewhere is sending and receiving tremendous amounts of data, and I've been tasked to find out what's doing it.

So, should I just run Wireshark and capture everything, collect some ridiculous amount of data and hand-analyze it, or might there be a convenient filter out there in Wireshark cyberspace land that could help me narrow the field and nail the culprit?

Antivirus, antimalware, antispyware scans all come up clean and green, the DHCP client list on the router has no unknown devices in it, we're stumped, so I'm turning to the best network monitoring tool I know to help me dig this one out.

Thanks in advance.