Wireshark · Ethereal-users: Re: [Ethereal-users] Ethereal Version 0.10.6 - Identifying actual program transmitting & recieving I

Ethereal-users: Re: [Ethereal-users] Ethereal Version 0.10.6 - Identifying actual program transm

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxx>

Date: Sun, 05 Sep 2004 13:24:34 -0700

mark abrams wrote:

How do I identify the actual program that is
transmitting the packets from my PC to the destination
IP?

You can use a network analysis program such as Ethereal to find thetraffic, get the local IP address and port number (and protocol, i.e.TCP or UDP) from the packets, and, if this is Windows, use a utilitysuch as TCPView:


	http://www.sysinternals.com/ntw2k/source/tcpview.shtml

or, if it's a UN*X, use a utility such as lsof:

	http://freshmeat.net/projects/lsof/

(which comes with at least some UN*Xes) to see what process is usingthat IP address, port number (and protocol).

References:
- [Ethereal-users] Ethereal Version 0.10.6 - Identifying actual program transmitting & recieving IP
  - From: mark abrams

Prev by Date: Re: [Ethereal-users] dcerpc.time Time duration Time from request
Next by Date: [Ethereal-users] Solution for WIN98 startup problems
Previous by thread: [Ethereal-users] Ethereal Version 0.10.6 - Identifying actual program transmitting & recieving IP
Next by thread: [Ethereal-users] Solution for WIN98 startup problems
Index(es):
- Date
- Thread