Wireshark – how to capture relevant data

  1. Clear the ARP cache
  2. Clear the NetBIOS name cache (nbtstat -R)
  3. Clear DNS resolver cache (ipconfig /flushdns)
  4. Close open sockets relating to the application in question. Find the owning process ID (the last column of the output) with:
    netstat -ano | find "port number"
    then kill that process (identified by the PID column) in Task Manager or with the taskkill command:
    taskkill -PID "PID"
    For example:

    C:\Users\Administrator>netstat -ano | find "55060"
      TCP    127.0.0.1:55059        127.0.0.1:55060        ESTABLISHED     16176
      TCP    127.0.0.1:55060        127.0.0.1:55059        ESTABLISHED     16176
    C:\Users\Administrator>taskkill -PID 16176
    
  5. Clear the browser cache (if the issue is related to a web browser)
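
The preparation steps above as one script, as an added example that is not part of the original post. It assumes an elevated PowerShell prompt on Windows 8 / Server 2012 or later (for Get-NetTCPConnection); the parameter names `Port` and `ListOnly` are hypothetical.

```powershell
# Added example: prepare a Windows host for a clean Wireshark capture.
# Usage (script name is hypothetical): .\Prepare-Capture.ps1 -Port 55060
param(
    [Parameter(Mandatory)] [ValidateRange(1, 65535)] [int] $Port,
    [switch] $ListOnly   # only show the owning processes, do not close them
)

# Steps 1-3: empty the ARP, NetBIOS name and DNS resolver caches so the
# capture contains the fresh ARP/NBNS/DNS lookups the application triggers.
netsh interface ip delete arpcache | Out-Null
nbtstat -R | Out-Null
ipconfig /flushdns | Out-Null

# Step 4: find TCP sockets that use the port. Comparing the port fields
# avoids the false hits a plain substring search such as find "55060"
# gives when the same digits appear in a PID or another column.
$conns = @(Get-NetTCPConnection -ErrorAction SilentlyContinue |
    Where-Object { $_.LocalPort -eq $Port -or $_.RemotePort -eq $Port })

# PID 0 (TIME_WAIT entries) and PID 4 (System) are not user processes;
# skip them, and skip this PowerShell session itself.
$owners = @($conns | ForEach-Object { $_.OwningProcess } |
    Sort-Object -Unique |
    Where-Object { $_ -notin 0, 4, $PID })

if ($owners.Count -eq 0) {
    Write-Host "No user process holds a TCP socket on port $Port"
}

foreach ($id in $owners) {
    $proc = Get-Process -Id $id -ErrorAction SilentlyContinue
    if (-not $proc) { continue }   # process exited since the lookup
    Write-Host ("PID {0} ({1}) holds a socket on port {2}" -f $id, $proc.ProcessName, $Port)
    if (-not $ListOnly) {
        # Same request as the taskkill command in the post.
        taskkill /PID $id
    }
}

# Step 5 (browser cache) is browser-specific and stays a manual step.
```

Run it with -ListOnly first to confirm which processes own the sockets before closing anything.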
