Wireshark-users: Re: [Wireshark-users] Which program sent this TCP packet
From: Andrew Hood <ajhood@xxxxxxxxx>
Date: Mon, 28 Aug 2006 19:18:37 +1000
Ben Stover wrote:
> After starting Wireshark I detected that a program sent a TCP packet to a domain
> 
> www.tvsweeper-100.de (see attached Snapshot)
> 
> Is it possible to detect which program initiated originally this TCP packet?
> 
> All my Browsers + other Internet tools were closed at this time.
> So it must be some Spyware/Adware
> 
> My virus scanner did not detect anything

0. Please don't send images of packet dumps. It is less traffic and
easier to help you if you send the raw packet.

1. It's not TCP. It's UDP.

2. It is a DNS lookup packet. It comes from your system's DNS resolver.

3. There is no way to find out on whose behalf it was sent.

-- 
There's no point in being grown up if you can't be childish sometimes.
                -- Dr. Who
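
Added example, not part of the original message: a Python sketch of the check behind points 1 and 2, reading the IPv4 protocol field, the UDP destination port and the DNS header of a raw packet to tell that it is a UDP DNS query and for which name. The sample packet is constructed here; its addresses, source port, transaction ID and zeroed checksums are made up, and the function names are hypothetical.

```python
import struct

def build_sample_packet(qname="www.tvsweeper-100.de"):
    """Constructed sample: IPv4 + UDP + DNS A query (made-up addresses/IDs, zero checksums)."""
    labels = b"".join(bytes([len(l)]) + l.encode("ascii") for l in qname.split(".")) + b"\x00"
    # DNS header: id, flags (RD set, QR clear = query), qdcount=1, then QTYPE=A, QCLASS=IN
    dns = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0) + labels + struct.pack("!HH", 1, 1)
    udp = struct.pack("!HHHH", 1035, 53, 8 + len(dns), 0) + dns
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 53]))
    return ip + udp

def classify(packet):
    """Return (transport, is_dns_query, qname) for a raw IPv4 packet."""
    ihl = (packet[0] & 0x0F) * 4            # IPv4 header length in bytes
    proto = packet[9]                       # 6 = TCP, 17 = UDP
    transport = {6: "TCP", 17: "UDP"}.get(proto, str(proto))
    if proto != 17:
        return transport, False, None
    _sport, dport, _length, _cksum = struct.unpack("!HHHH", packet[ihl:ihl + 8])
    dns = packet[ihl + 8:]
    if dport != 53 or len(dns) < 12:
        return transport, False, None
    _txid, flags, qdcount = struct.unpack("!HHH", dns[:6])
    if flags & 0x8000 or qdcount < 1:       # QR bit set means a response, not a query
        return transport, False, None
    labels, pos = [], 12                    # QNAME starts right after the 12-byte header
    while pos < len(dns) and dns[pos] != 0:
        n = dns[pos]
        if n & 0xC0:                        # compression pointer: not expected in a query name
            return transport, True, None
        labels.append(dns[pos + 1:pos + 1 + n].decode("ascii", "replace"))
        pos += 1 + n
    return transport, True, ".".join(labels)

if __name__ == "__main__":
    print(classify(build_sample_packet()))
```
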