Wireshark mailing list archives

Re: how can I show the application/process that was requesting/receiving traffic on a Windows PC?


From: Kevin Cullimore <kcullimo () runbox com>
Date: Sun, 11 Jul 2010 20:50:07 -0400

On 7/11/2010 8:26 PM, Greg Hauptmann wrote:
> thanks Guy
> re "looks up TCP and UDP packets in the OS's TCP or UDP socket tables" - do you know (simplistically) how Wireshark is different, out of curiosity? If it doesn't look up socket tables, what does it look up? (This reflects the fact I don't understand the network stack on a Windows PC, I guess.)
It doesn't attempt to match processes to packets. Network Monitor does.


On 12 July 2010 03:40, Guy Harris <guy () alum mit edu> wrote:


    On Jul 11, 2010, at 3:01 AM, Greg Hauptmann wrote:

    > Is there a way with Wireshark, when running it on a Windows PC
    (say XP, Vista, or Windows 7), a way to have a column which shows
    the name of the application/process/service that was
    requesting/receiving the traffic?    For example, it might be
    "firefox" for some of the internet traffic for example...

    Currently, no.

    > Or is this just not possible with Wireshark (which uses the
    WinPCap library under-the-bonnet I think?)

    Yes, it uses WinPcap, but that's not the issue.  As far as I know,
    no packet capture mechanism directly provides that mechanism; I
    infer from a statement on the Network Monitor blog that Network
    Monitor, for example, looks up TCP and UDP packets in the OS's TCP
    or UDP socket tables to *attempt* to relate packets to processes.
     Wireshark doesn't do that.
    ___________________________________________________________________________
    Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
    Archives:    http://www.wireshark.org/lists/wireshark-users
    Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
                 mailto:wireshark-users-request () wireshark org?subject=unsubscribe




--
Greg
http://blog.gregnet.org/




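The socket-table lookup Guy describes for Network Monitor, as an added example that is not code from the thread, from Wireshark or from Network Monitor: it parses a constructed snapshot in the format of Windows `netstat -ano` output (the `Proto`, `Local Address`, `Foreign Address`, `State`, `PID` columns) and tries to relate each captured TCP/UDP packet to the PID owning the matching local socket. The host's own addresses, the packet tuples and the table contents are all assumptions made up for the example.

```python
"""Relate captured packets to processes by looking them up in an OS socket table.

Added example. Mimics the approach described for Network Monitor: a packet is
matched against the OS's TCP/UDP socket table by its *local* endpoint, and the
owning PID of that socket is reported. The table below is a CONSTRUCTED
`netstat -ano` snapshot, not output from a real host.
"""
from dataclasses import dataclass
from typing import List, Optional, Sequence, Tuple

# Constructed `netstat -ano` output (Windows column layout). PID 0 on the
# TIME_WAIT row is what Windows reports for sockets no process owns any more.
NETSTAT_SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.10:49152     93.184.216.34:443      ESTABLISHED     1234
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       876
  TCP    192.168.1.10:49160     198.51.100.7:80        TIME_WAIT       0
  UDP    0.0.0.0:5353           *:*                                    2048
  UDP    192.168.1.10:53210     *:*                                    1234
"""

# Addresses assumed to belong to the capturing host (constructed).
LOCAL_IPS = {"192.168.1.10", "127.0.0.1"}

# Local-address values that mean "bound on every interface".
WILDCARDS = {"0.0.0.0", "[::]", "*"}

# (proto, src_ip, src_port, dst_ip, dst_port) as a dissector would see it.
Packet = Tuple[str, str, int, str, int]


@dataclass(frozen=True)
class SocketEntry:
    proto: str
    local_ip: str
    local_port: int
    pid: int
    state: Optional[str]  # TCP only; UDP rows carry no state column


def _split_endpoint(endpoint: str) -> Tuple[str, int]:
    """Split 'host:port' on the LAST colon so bracketed IPv6 hosts survive."""
    host, _, port = endpoint.rpartition(":")
    return host, (0 if port == "*" else int(port))


def parse_netstat(text: str) -> List[SocketEntry]:
    """Parse the data rows of `netstat -ano`; header and blank lines are skipped."""
    entries: List[SocketEntry] = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue
        proto = parts[0]
        local_ip, local_port = _split_endpoint(parts[1])
        if proto == "TCP":          # TCP rows: proto local foreign state pid
            state, pid = parts[3], int(parts[4])
        else:                       # UDP rows: proto local foreign pid
            state, pid = None, int(parts[3])
        entries.append(SocketEntry(proto, local_ip, local_port, pid, state))
    return entries


def find_pid(entries: Sequence[SocketEntry], pkt: Packet,
             local_ips=LOCAL_IPS) -> Optional[int]:
    """Return the PID owning the local socket a packet belongs to, or None.

    None covers the honest failure modes of this technique: the local socket
    was already closed when the table was read (short-lived connections),
    the socket has no owner (PID 0), or neither endpoint is this host.
    """
    proto, src_ip, src_port, dst_ip, dst_port = pkt
    if src_ip in local_ips:
        local_ip, local_port = src_ip, src_port      # outbound packet
    elif dst_ip in local_ips:
        local_ip, local_port = dst_ip, dst_port      # inbound packet
    else:
        return None                                  # not ours to attribute
    wildcard_hit: Optional[int] = None
    for e in entries:
        if e.proto != proto or e.local_port != local_port or e.pid == 0:
            continue
        if e.local_ip == local_ip:
            return e.pid                             # exact bind wins
        if e.local_ip in WILDCARDS and wildcard_hit is None:
            wildcard_hit = e.pid                     # e.g. a 0.0.0.0 listener
    return wildcard_hit


def annotate(packets: Sequence[Packet], table_text: str = NETSTAT_SAMPLE
             ) -> List[Tuple[Packet, Optional[int]]]:
    """Attach a PID (or None) to every packet, the way a 'Process' column would."""
    entries = parse_netstat(table_text)
    return [(pkt, find_pid(entries, pkt)) for pkt in packets]


if __name__ == "__main__":
    sample_packets: List[Packet] = [          # constructed capture
        ("TCP", "192.168.1.10", 49152, "93.184.216.34", 443),
        ("TCP", "93.184.216.34", 443, "192.168.1.10", 49152),
        ("UDP", "192.168.1.10", 5353, "224.0.0.251", 5353),
        ("UDP", "192.168.1.10", 61000, "192.168.1.1", 53),
        ("TCP", "192.168.1.10", 49160, "198.51.100.7", 80),
    ]
    for pkt, pid in annotate(sample_packets):
        print(pkt, "->", pid if pid is not None else "no owning process found")
```

The snapshot is read once, so the mapping only succeeds for sockets that still existed when `netstat` ran; a DNS query sent from an ephemeral UDP port that was closed a millisecond later comes back as `None`, which is why the thread calls this an *attempt* to relate packets to processes rather than a guarantee.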
