# Which packet capture program to use?



## ltn (Oct 22, 2011)

I have a piece of software that I suspect is sending unwanted data over the internet to some IP address. I'm not an expert in anything related to computer networks, but I figure I could use such software after playing around a little with it.

What application could I use that would do the following:

a) capture all the bytes the application is trying to send out so that it seems to the application it is doing it and see the place it was trying to send it

b) after inspecting the data, if it was ok, send the packages to wherever it was supposed to go so that it seems the original application sent that

Thanks for the help,
LTN


----------



## Wand3r3r (Sep 17, 2010)

netstat /? at a command prompt

netstat will give you a list of connected ipaddresses/ports


----------



## ltn (Oct 22, 2011)

I cannot find where I could log the data from the application, nor prevent the application from sending it. Does netstat really have the functionality I was looking for? It does show the addresses and ports, but this is not enough.


----------



## reventon (Oct 16, 2009)

TCPView from Sysinternals will tell you if the program is using the network and has more detail than netstat - http://live.sysinternals.com/Tcpview.exe

However, I do not believe it captures traffic.

Look up *Wireshark* for traffic capture. I do not have the time to go through exactly how to use it, the documentation is good.

Bear in mind that even if you do capture the data you are only going to easily understand it if it's in plain text.
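To illustrate the two points in this answer (a capture tool records the bytes and their destination, and the bytes are only readable when they are plain text), here is an added example that is not part of any post in this thread and is not code from Wireshark or Sysinternals. It builds a small classic pcap file in memory from constructed Ethernet/IPv4/TCP frames (addresses from the TEST-NET range, MAC addresses and payloads all made up), then parses it back the way a capture viewer would, reporting each destination and whether the payload looks like plain text.

```python
import ipaddress
import struct
from typing import Dict, List, Optional


def build_frame(src_ip: str, dst_ip: str, sport: int, dport: int, payload: bytes) -> bytes:
    """Assemble an Ethernet/IPv4/TCP frame. Checksums are left at zero; the parser ignores them."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"  # constructed MACs
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     ipaddress.IPv4Address(src_ip).packed, ipaddress.IPv4Address(dst_ip).packed)
    return eth + ip + tcp


def build_pcap(frames: List[bytes]) -> bytes:
    """Wrap frames in a little-endian classic pcap (magic 0xA1B2C3D4, link type 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1000 + i, 0, len(frame), len(frame)) + frame
    return out


# Constructed sample capture: one HTTP-style request and one opaque (TLS-like) record.
SAMPLE_PCAP = build_pcap([
    build_frame("192.0.2.10", "203.0.113.10", 49712, 80,
                b"GET /report HTTP/1.1\r\nHost: telemetry.example\r\n\r\n"),
    build_frame("192.0.2.10", "203.0.113.20", 49713, 443,
                b"\x16\x03\x01\x00\x20" + bytes(range(200, 232))),
])


def looks_like_text(payload: bytes) -> bool:
    """Heuristic: at least 90% of bytes are printable ASCII, tab, CR or LF."""
    if not payload:
        return False
    printable = sum(1 for b in payload if 32 <= b < 127 or b in (9, 10, 13))
    return printable / len(payload) >= 0.9


def parse_frame(frame: bytes) -> Optional[Dict]:
    """Pull destination and payload out of an IPv4/TCP frame; None for anything else."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None  # not IPv4 over Ethernet
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[9] != 6:
        return None  # only TCP handled here
    tcp = ip[ihl:]
    sport, dport = struct.unpack("!HH", tcp[:4])
    payload = tcp[(tcp[12] >> 4) * 4:]
    return {
        "src": str(ipaddress.IPv4Address(ip[12:16])),
        "dst": str(ipaddress.IPv4Address(ip[16:20])),
        "dport": dport,
        "payload": payload,
        "plaintext": looks_like_text(payload),
    }


def parse_pcap(data: bytes) -> List[Dict]:
    """Walk a classic pcap file (either byte order) and return one record per TCP frame."""
    magic = struct.unpack("<I", data[:4])[0]
    if magic == 0xA1B2C3D4:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "IHHiIII", data[:24])[6] != 1:
        raise ValueError("only Ethernet link type handled")
    pos, records = 24, []
    while pos + 16 <= len(data):
        _sec, _usec, incl, _orig = struct.unpack(endian + "IIII", data[pos:pos + 16])
        rec = parse_frame(data[pos + 16:pos + 16 + incl])
        pos += 16 + incl
        if rec:
            records.append(rec)
    return records


if __name__ == "__main__":
    for r in parse_pcap(SAMPLE_PCAP):
        kind = "plain text" if r["plaintext"] else "opaque/encrypted"
        print(f"{r['src']} -> {r['dst']}:{r['dport']}  {len(r['payload'])} bytes  {kind}")
```

The same parser works on a file Wireshark or tcpdump saved in the classic `.pcap` format (not `.pcapng`), so you can point it at a real capture of the suspected program: the plain-text flows can be read directly, while the opaque ones only tell you where the data went and how much was sent.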


----------



## Dave Atkin (Sep 4, 2009)

I would recommend Wireshark. It's easy to use and has helped me out on many occasions.

Dave


----------



## Wand3r3r (Sep 17, 2010)

ltn, do you know which program you are concerned about, or are you trying to figure out if you have been hacked/infected?

netstat tells you all of the open ports and their associated IP addresses. You would test each IP address with an nslookup of that IP to see what might be on the other end.
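The netstat step above turns into a lot of manual reading once a machine has many connections. As an added example that is not from any poster in this thread, the following script parses the output of Windows `netstat -ano` (the `-o` column gives the owning process ID, which is how you tie a connection back to the suspected program) and lists the non-local remote endpoints for one PID. The sample output is constructed, with TEST-NET addresses; in practice you would feed it the real text from `netstat -ano > connections.txt`.

```python
from typing import Dict, List, Set, Tuple

# Constructed sample of what `netstat -ano` prints on Windows (not real data).
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    127.0.0.1:49700        127.0.0.1:49701        ESTABLISHED     4120
  TCP    192.168.1.10:49712     203.0.113.10:443       ESTABLISHED     4120
  TCP    [::1]:49800            [::1]:49801            ESTABLISHED     4120
  UDP    0.0.0.0:5353           *:*                                    3304
"""


def split_endpoint(endpoint: str) -> Tuple[str, int]:
    """Split 'ip:port' (IPv4) or '[ip]:port' (IPv6) into (ip, port); '*:*' becomes ('*', 0)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), int(port) if port.isdigit() else 0


def parse_netstat(text: str) -> List[Dict]:
    """Turn netstat -ano text into records; header and blank lines are skipped."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue
        if parts[0] == "TCP":
            proto, local, foreign, state, pid = parts
        else:
            proto, local, foreign, pid = parts  # UDP rows have no State column
            state = ""
        records.append({
            "proto": proto,
            "local": split_endpoint(local),
            "foreign": split_endpoint(foreign),
            "state": state,
            "pid": int(pid),
        })
    return records


def is_local(ip: str) -> bool:
    """Wildcards, unspecified and loopback addresses are not remote peers."""
    return ip in ("*", "0.0.0.0", "::", "::1") or ip.startswith("127.")


def remote_endpoints(records: List[Dict], pid: int) -> Set[Tuple[str, int]]:
    """Established TCP peers of one process, excluding loopback and wildcard addresses."""
    return {
        r["foreign"]
        for r in records
        if r["pid"] == pid and r["state"] == "ESTABLISHED" and not is_local(r["foreign"][0])
    }


if __name__ == "__main__":
    suspect_pid = 4120  # assumed PID of the suspected program, as shown by Task Manager
    for ip, port in sorted(remote_endpoints(parse_netstat(SAMPLE_NETSTAT), suspect_pid)):
        print(f"PID {suspect_pid} is connected to {ip}:{port}")
```

Each remaining IP is then the one to look up with nslookup (or to watch for in a Wireshark capture filtered on `ip.addr == <that IP>`). Filtering out loopback matters: many programs talk to themselves over 127.0.0.1 and those rows would otherwise look like suspicious peers.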


----------



## JimE (Apr 16, 2009)

Ethereal / wireshark


----------

