We have recieved some laptops from an out of business group. What I'm curious in is can we use wireshark to see if there's any kind of monitoring service? The login at Windows 7 says that monitored for authorized use, so my company is interested in if there was any monitoring involved or if it was just a ploy to help good behavior (more about curiosity really). The laptop is a T520 (2nd gen I7) with TPM and bitlocker enabled. We have all the system passwords/keys ect. Just wondering what the filter setup would be so that I only capture traffic from the laptop to the internet and back. No need scanning all the other traffic coming from within our own network (where of course these's tons and tons of).
Thank you very much for the help.