Wireshark mailing list archives

Re: how can I show the application/process that was requesting/receiving traffic on a Windows PC?


From: Guy Harris <guy () alum mit edu>
Date: Sun, 11 Jul 2010 10:40:35 -0700


On Jul 11, 2010, at 3:01 AM, Greg Hauptmann wrote:

> Is there a way with Wireshark, when running it on a Windows PC (say XP, Vista, or Windows 7), a way to have a column
> which shows the name of the application/process/service that was requesting/receiving the traffic? For example, it
> might be "firefox" for some of the internet traffic for example...

Currently, no.

> Or is this just not possible with Wireshark (which uses the WinPCap library under-the-bonnet I think?)

Yes, it uses WinPcap, but that's not the issue.  As far as I know, no packet capture mechanism directly provides that 
mechanism; I infer from a statement on the Network Monitor blog that Network Monitor, for example, looks up TCP and UDP 
packets in the OS's TCP or UDP socket tables to *attempt* to relate packets to processes.  Wireshark doesn't do that.
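
The socket-table lookup described in the reply above, as an added example (not part of the original post, and not Wireshark's or Network Monitor's code): it joins a packet's addresses and ports against a snapshot of `netstat -ano` and `tasklist /fo csv /nh` output. The sample output, addresses, PIDs and function names are constructed for illustration, and only IPv4 is handled.

```python
import csv

# Constructed sample of `netstat -ano` output (documentation addresses, made-up PIDs).
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    192.0.2.10:49712       198.51.100.7:443       ESTABLISHED     4120
  UDP    0.0.0.0:5353           *:*                                    2260
"""
# Constructed sample of `tasklist /fo csv /nh` output.
TASKLIST = '''"System","4","Services","0","1,024 K"
"firefox.exe","4120","Console","1","312,440 K"
"svchost.exe","2260","Services","0","9,812 K"
'''

def parse_netstat(text):
    """Return {(proto, local, remote): pid}; remote is None for listeners and UDP."""
    table = {}
    for line in text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] not in ("TCP", "UDP"):
            continue  # header or blank line
        # UDP rows have no State column and no peer; TCP listeners have no peer either.
        remote = None if f[0] == "UDP" or f[3] == "LISTENING" else f[2]
        table[(f[0], f[1], remote)] = int(f[-1])
    return table

def parse_tasklist(text):
    """Return {pid: image name} from headerless CSV tasklist output."""
    return {int(row[1]): row[0] for row in csv.reader(text.splitlines()) if row}

def owner(table, names, proto, src, dst, local_ip):
    """Best-effort process name for a packet; src/dst are 'ip:port' strings."""
    # Work out which end of the packet is this host, whatever the direction.
    local, remote = (src, dst) if src.startswith(local_ip + ":") else (dst, src)
    port = local.rsplit(":", 1)[1]
    # Most specific first: exact connection, then bound address, then wildcard bind.
    for key in ((proto, local, remote), (proto, local, None),
                (proto, "0.0.0.0:" + port, None)):
        if key in table:
            return names.get(table[key], "pid %d" % table[key])
    return None  # socket closed before the snapshot, or opened after it
```

A `None` result is the reason the lookup is only an attempt: the table is a point-in-time snapshot, so short-lived connections seen in the capture may have no matching socket entry.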