Wireshark – how to capture relevant data

  1. Clear ARP cache
  2. Clear NETBIOS name cache (nbtstat -R)
  3. Clear DNS resolver cache (ipconfig /flushdns)
  4. Close open sockets relating to the application in question:
    netstat -ano | find "port number"
    taskkill -PID "PID"
    then kill the process (identified by the PID column) in task manager or taskkill command:

    C:\Users\Administrator>netstat -ano | find "55060"
      TCP        ESTABLISHED     16176
      TCP        ESTABLISHED     16176
    C:\Users\Administrator>taskkill -PID 16176
  5. Clear the browser cache (if the issue is related to a web browser)

Leave a Reply

Your email address will not be published. Required fields are marked *

seventeen + 3 =

This site uses Akismet to reduce spam. Learn how your comment data is processed.