Wireshark mailing list archives
Re: how can I show the application/process that was requesting/receiving traffic on a Windows PC?
From: Greg Hauptmann <greg.hauptmann.ruby () gmail com>
Date: Mon, 12 Jul 2010 10:26:05 +1000
thanks Guy

re "looks up TCP and UDP packets in the OS's TCP or UDP socket tables" - do you know (simplistically) how Wireshark is different out of curiosity? if it doesn't look up socket tables what does it look up? (this reflects the fact I don't understand the network stack on a Windows PC I guess)

On 12 July 2010 03:40, Guy Harris <guy () alum mit edu> wrote:

> On Jul 11, 2010, at 3:01 AM, Greg Hauptmann wrote:
>
>> Is there a way with Wireshark, when running it on a Windows PC (say XP, Vista, or Windows 7), a way to have a column which shows the name of the application/process/service that was requesting/receiving the traffic? For example, it might be "firefox" for some of the internet traffic for example...
>
> Currently, no.
>
>> Or is this just not possible with Wireshark (which uses the WinPCap library under-the-bonnet I think?)
>
> Yes, it uses WinPcap, but that's not the issue. As far as I know, no packet capture mechanism directly provides that mechanism; I infer from a statement on the Network Monitor blog that Network Monitor, for example, looks up TCP and UDP packets in the OS's TCP or UDP socket tables to *attempt* to relate packets to processes. Wireshark doesn't do that.
> ___________________________________________________________________________
> Sent via: Wireshark-users mailing list <wireshark-users () wireshark org>
> Archives: http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
> mailto:wireshark-users-request () wireshark org?subject=unsubscribe

--
Greg
http://blog.gregnet.org/
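Added example, not part of the thread and not code from Wireshark or Network Monitor: a sketch of the socket-table lookup described in the quoted reply, run against a constructed snapshot in the layout printed by Windows `netstat -ano`. The function names, addresses and PIDs are assumptions made up for illustration.

```python
# Added example: relate packets to PIDs via a socket-table snapshot.
# SAMPLE_NETSTAT is constructed data in the layout printed by `netstat -ano`.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    192.0.2.10:49712       198.51.100.7:443       ESTABLISHED     4321
  TCP    192.0.2.10:49713       198.51.100.7:443       TIME_WAIT       0
  UDP    0.0.0.0:5353           *:*                                    1780
"""

WILDCARDS = {"0.0.0.0", "[::]", "*"}

def split_endpoint(text):
    """'192.0.2.10:49712' -> ('192.0.2.10', 49712); '*:*' -> ('*', None)."""
    host, _, port = text.rpartition(":")
    return host, int(port) if port.isdigit() else None

def parse_socket_table(netstat_text):
    """Return a list of (proto, local, remote, pid) rows."""
    rows = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] not in ("TCP", "UDP"):
            continue  # header or blank line
        # UDP rows have no State column, so the PID is always the last field.
        rows.append((fields[0], split_endpoint(fields[1]),
                     split_endpoint(fields[2]), int(fields[-1])))
    return rows

def pid_for_packet(table, proto, src, dst, local_ips):
    """Best-effort PID for a packet; src/dst are (ip, port) tuples.
    Returns None when no socket matches (e.g. it closed before the lookup)."""
    # Orient the packet: which endpoint belongs to this host?
    local, remote = (src, dst) if src[0] in local_ips else (dst, src)
    best = None
    for row_proto, row_local, row_remote, pid in table:
        if row_proto != proto or row_local[1] != local[1]:
            continue
        if row_local[0] not in WILDCARDS and row_local[0] != local[0]:
            continue
        if row_remote == remote:
            return pid          # exact connection match wins
        if row_remote[0] in WILDCARDS:
            best = pid          # listener or unconnected UDP socket
    return best
```

The lookup only works while the socket still exists in the snapshot: the packet on port 49713 resolves to PID 0 in this sample, and a packet for a port that is no longer in the table resolves to nothing at all.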