Wireshark mailing list archives

Re: [ Process Information proposal + doubts on Capture Permissions ]


From: Brandon Carpenter <hashstat () pnnl gov>
Date: Fri, 03 May 2013 09:41:26 -0700

Kunal,

Ashish is correct. Hone works with UDP and RAW sockets. So if a RAW socket is used for ICMP, such as with ping, it will correlate back to the process. Packets are matched to the socket and the socket is matched to the process which created it. Most ICMP is correlated to a kernel thread. The other issue is that when a file descriptor is dup'ed, such as in a fork, data sent/received with the new file descriptor will show up under the original process.

Brandon

P.S. - Sorry if this message appears twice. I sent it from the wrong address the first time.

On 05/03/2013 05:01 AM, Ashish Raste wrote:
Hi Kunal,

    Message: 1
    Date: Fri, 3 May 2013 06:20:34 +0530
    From: kunal bansal <kunalbansal.02 () gmail com>
    To: wireshark-dev () wireshark org
    Subject: [Wireshark-dev] Wireshark-dev: Re: [ Process Information
            proposal + doubts on Capture Permissions ]
    Message-ID: <CAJmrNucT6KG4Po0p8ejQ_6MELjZm6ZWbPfgt-LsRKpT7XOQc6g () mail gmail com>
    Content-Type: text/plain; charset="iso-8859-1"

    Brandon Carpenter Sir,
    Low-level authorization and kernel adjust are nice advantages.
    Does the HoNe project work on UDP connections?

Yes, it will work on UDP connections too. But I am not sure about ICMP packets; I have to check them.

Best,
--
Ashish
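The file-descriptor caveat in Brandon's reply (a socket dup'ed or inherited across fork() is still the socket the original process created, so per-socket correlation attributes the child's traffic to the parent) can be reproduced without Hone. The script below is an added illustration for this archive page, not code from the thread or from the Hone project; it assumes Linux and only Python's standard library, and the loopback UDP receiver, the datagram payload and the tiny inode-to-pid "correlator" dictionary are constructed for the demo.

```python
import os
import socket
import struct

# Added illustration (not Hone code): a kernel socket has one identity, its
# inode, no matter how many descriptors or processes refer to it. A correlator
# that maps "socket -> process that created it" therefore sees the creator
# even when a dup'ed or fork-inherited descriptor does the sending.


def socket_inode(fd):
    """Inode of the socket behind fd, the same number shown in /proc/net/udp.

    Two descriptors that refer to one socket (after dup() or fork()) report
    the same inode; per-socket correlation cannot tell them apart.
    """
    return os.fstat(fd).st_ino


def dup_shares_socket():
    """dup() inside one process: both descriptors name the same socket."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        dup_fd = os.dup(s.fileno())
        try:
            return socket_inode(s.fileno()) == socket_inode(dup_fd)
        finally:
            os.close(dup_fd)
    finally:
        s.close()


def fork_and_send(payload=b"constructed test datagram"):
    """Create a UDP socket in the parent, fork(), and send from the child.

    Returns what a creator-keyed correlator would see: the parent's pid and
    socket inode, the child's pid and inode (identical), the payload that
    arrived on the loopback receiver, and the pid the datagram is attributed to.
    """
    receiver = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    receiver.bind(("127.0.0.1", 0))  # constructed loopback receiver
    receiver.settimeout(5)
    port = receiver.getsockname()[1]

    sender = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    creator_pid = os.getpid()
    creator_inode = socket_inode(sender.fileno())
    # Hypothetical correlator state: socket inode -> pid that called socket().
    socket_owner = {creator_inode: creator_pid}

    rd, wr = os.pipe()  # child reports its pid and inode back to the parent
    pid = os.fork()
    if pid == 0:
        os.close(rd)
        try:
            # The child never called socket(); it only inherited the descriptor.
            sender.sendto(payload, ("127.0.0.1", port))
            report = struct.pack("!QQ", os.getpid(), socket_inode(sender.fileno()))
            os.write(wr, report)
        finally:
            os._exit(0)

    os.close(wr)
    report = b""
    while len(report) < 16:
        chunk = os.read(rd, 16 - len(report))
        if not chunk:
            break
        report += chunk
    os.close(rd)
    os.waitpid(pid, 0)
    child_pid, child_inode = struct.unpack("!QQ", report)

    try:
        received, _ = receiver.recvfrom(1024)
    finally:
        receiver.close()
        sender.close()

    return {
        "creator_pid": creator_pid,
        "creator_inode": creator_inode,
        "sender_pid": child_pid,
        "sender_inode": child_inode,
        "received": received,
        # Looking the sending socket up by inode lands on the parent, which is
        # exactly the misattribution described in the reply above.
        "attributed_to_pid": socket_owner[child_inode],
    }


if __name__ == "__main__":
    print("dup shares socket:", dup_shares_socket())
    print(fork_and_send())
```

Run it on a Linux host; the child pid differs from the creator pid while the two inodes match, and the lookup attributes the child's datagram to the parent. The same inode is what ss -p and lsof use to tie a socket to a process, so any tool that keys on the creating process, not just Hone, inherits this blind spot for forked workers.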