Wireshark mailing list archives

"Process Information" task from GSOC2013


From: Костадин Хаџибанов <hadzhibanov.kostadin () students finki ukim mk>
Date: Sun, 21 Apr 2013 18:09:51 +0000

Hello,

I'm contacting you with an intent to request some further info about the task "Process Information" as found on the 
Wireshark's Google Summer of Code 2013 project page.

After a short research on the matter, I can't help but suspect/am getting drawn to the conclusion that this task is too 
simple for a full project commitment, which is then again challenged by the thought I might be overlooking the 
complexity of it.

This task seems like it can be done feasibly well by making a call in C to the commands netstat and tasklist on Windows 
and netstat or ss on Linux and looking up the port given in the Layer 4 packet info in Wireshark in the command output. 
But I don't know the time efficiency of this, so maybe a direct kernel access would be preferred?

However I noticed that when looking up the port of a UDP packet, the port often closes quickly and can't be found in the 
table (I recall someone addressing this issue in the bug page given as a reference), so I suppose a solution to this 
could be a working set data structure, which remembers the set of recently used ports and their PIDs - as to reduce 
memory consumption. I would appreciate feedback on this idea.

I am also interested in possibly working on the tasks "Packet Editor (UI)" and "Packet Editor (CLI)", which are 
features I felt were lacking myself since I started using Wireshark.

Kind regards, Kostadin.
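
The working-set idea proposed in the message, sketched as an added example that is not part of the original message and not Wireshark code: a bounded table of recently observed (protocol, port) to PID mappings, filled from each poll of the socket table and consulted per packet. All names, the slot count and the 30-second TTL are assumptions; the TTL keeps a closed port from being attributed to an unrelated process long after the socket is gone.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define WS_SLOTS 4   /* assumed capacity; tiny so eviction is easy to see */
#define WS_TTL   30  /* assumed: seconds a mapping is trusted after last sighting */

typedef struct { uint8_t proto; uint16_t port; uint32_t pid; long seen; int used; } ws_entry;
typedef struct { ws_entry e[WS_SLOTS]; } port_ws;

void ws_init(port_ws *ws) { memset(ws, 0, sizeof *ws); }

/* Record one row of a socket-table poll (e.g. a parsed netstat/ss line).
 * An existing (proto, port) entry is refreshed, so port reuse by another
 * process overwrites the old PID; otherwise a free slot or the least
 * recently seen entry is taken. */
void ws_observe(port_ws *ws, uint8_t proto, uint16_t port, uint32_t pid, long now)
{
    ws_entry *victim = NULL;
    for (int i = 0; i < WS_SLOTS; i++) {
        ws_entry *c = &ws->e[i];
        if (c->used && c->proto == proto && c->port == port) { victim = c; break; }
        if (!victim || (victim->used && (!c->used || c->seen < victim->seen)))
            victim = c;
    }
    *victim = (ws_entry){ proto, port, pid, now, 1 };
}

/* PID that owned (proto, port) around pkt_time, or -1 if unknown or stale. */
long ws_lookup(const port_ws *ws, uint8_t proto, uint16_t port, long pkt_time)
{
    for (int i = 0; i < WS_SLOTS; i++) {
        const ws_entry *c = &ws->e[i];
        if (c->used && c->proto == proto && c->port == port)
            return (pkt_time - c->seen <= WS_TTL) ? (long)c->pid : -1;
    }
    return -1;
}

int main(void)
{
    port_ws ws;
    ws_init(&ws);
    /* Constructed sample: a UDP socket (proto 17) seen once at t=100. */
    ws_observe(&ws, 17, 53001, 4242, 100);
    printf("t=105: pid %ld\n", ws_lookup(&ws, 17, 53001, 105)); /* socket may be closed, still attributed */
    printf("t=131: pid %ld\n", ws_lookup(&ws, 17, 53001, 131)); /* past TTL, reported as unknown */
    return 0;
}
```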
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev