Wireshark mailing list archives
Re: GSoC 2013: Process Information
From: Guy Harris <guy () alum mit edu>
Date: Wed, 24 Apr 2013 13:21:09 -0700
On Apr 24, 2013, at 11:20 AM, Gerald Combs <gerald () wireshark org> wrote:
> Polling the system's TCP and UDP connection tables is trivial but its usefulness is limited since it assumes that your interesting traffic has a corresponding table entry at the instant you poll. This may not be the case for short-lived connections such as DNS or DHCP and it certainly won't be the case for ICMP or non-IP protocols. System event tracing (e.g. Event Tracing for Windows, dtrace, or whatever happens to be popular on Linux this month) or Guy's suggestion of exposing process information through libpcap would be better, but neither are trivial.
Exposing it through libpcap requires a way to get it on the underlying OS, which, again, should involve watching for PCB (Process Control Block) creation and destruction rather than polling the tables if at all possible. It would probably be best if the platform-dependent stuff were done in libpcap, if possible, so that it only has to be done in the library, not every application (libpcap's main role in life is to hide platform dependencies from applications, after all), but that wouldn't, by itself, let you get notified of the creation and destruction of PCBs.
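The trade-off discussed in this message, as an added example that is not part of the original thread and is not Wireshark or libpcap code: a small simulation comparing packet-to-process attribution from periodic table polls with attribution from PCB create/destroy notifications. All ports, process names, timestamps and function names are constructed assumptions; no real OS interface is called.

```python
from bisect import bisect_right

# Constructed PCB lifetimes: (proto, local_port, process, t_create, t_destroy), seconds.
PCBS = [
    ("tcp", 50412, "browser", 0.20, 9.00),   # long-lived connection
    ("udp", 53311, "resolver", 1.30, 1.34),  # DNS lookup, socket lives 40 ms
    ("udp", 68, "dhclient", 2.10, 2.60),     # DHCP exchange
]

# Constructed captured packets: (timestamp, proto, local_port).
PACKETS = [
    (0.25, "tcp", 50412),
    (1.31, "udp", 53311),
    (2.20, "udp", 68),
    (3.05, "tcp", 50412),
]

def snapshot(t):
    """What one poll of the TCP/UDP connection tables would return at time t."""
    return {(p, port): proc for p, port, proc, c, d in PCBS if c <= t < d}

def attribute_by_polling(packets, interval, until=10.0):
    """Attribute each packet from the polls just before and just after it."""
    times = [i * interval for i in range(int(until / interval) + 1)]
    snaps = [snapshot(t) for t in times]
    out = []
    for ts, proto, port in packets:
        i = bisect_right(times, ts)              # index of first poll after the packet
        nearby = snaps[max(i - 1, 0):i + 1]      # poll before and poll after
        out.append(next((s[(proto, port)] for s in nearby if (proto, port) in s), None))
    return out

def attribute_by_events(packets):
    """Attribute from create/destroy notifications, so each lifetime is known exactly."""
    out = []
    for ts, proto, port in packets:
        out.append(next((name for p, lp, name, c, d in PCBS
                         if (p, lp) == (proto, port) and c <= ts < d), None))
    return out

if __name__ == "__main__":
    polled = attribute_by_polling(PACKETS, interval=1.0)
    evented = attribute_by_events(PACKETS)
    for pkt, a, b in zip(PACKETS, polled, evented):
        print(f"{pkt}: polling={a} events={b}")
```

With a one-second poll the DNS and DHCP packets go unattributed because their sockets were created and destroyed between two polls, while the event-driven view attributes all four.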