http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1184
Summary: Linux Enhancement to /proc
Product: Wireshark
Version: unspecified
Platform: PC
OS/Version: Linux
Status: NEW
Severity: Major
Priority: Low
Component: Wireshark
AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
ReportedBy: jeremiah.jahn@xxxxxxxxx
Build Information:
wireshark 0.99.3a
Copyright 1998-2006 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled with GTK+ 2.8.20, with GLib 2.10.2, with libpcap 0.9.4,
with libz 1.2.3, with libpcre 6.3, with Net-SNMP 5.3, without ADNS, without
Lua.
Running with libpcap version 0.9.4 on Linux 2.6.17-1.2157_FC5smp.
--
This will probably get shot down, but I'd like to suggest the following
enhancement for Linux systems.
I think it is possible to associate a packet with a currently running process on
the system. If the system is acting as a router, this can't be done, but on an
end machine, it would be great to see where a particular packet or stream of
packets was coming from or going to. Every once in a while I will notice a set
of UDP packets or ICMP that I have no idea where they come from, i.e. what
currently running process on my system is generating them or receiving them. In
order to find out, I have to associate a packet with a socket, with a process
that has the lock on that socket. This can be a great way to find malware, or
just things that I have started that do more than I expected.
Anyway, just a thought.
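The packet-to-socket-to-process lookup the report describes, as an added example (not Wireshark code and not part of the original report): it parses the `/proc/net/udp` table to find the socket inode for a local port, then scans `/proc/<pid>/fd` for the process holding that inode. The function names and the sample table are constructed for illustration; IPv4 UDP and a little-endian host are assumed.

```python
import os
import socket
import struct

# Constructed sample in /proc/net/udp layout (not captured from a real host).
SAMPLE_UDP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
  100: 00000000:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 15321 2 0000000000000000 0
  101: 0100007F:14E9 00000000:0000 07 00000000:00000000 00:00000000 00000000  1000        0 28744 2 0000000000000000 0
"""

def decode_addr(field):
    """'0100007F:14E9' -> ('127.0.0.1', 5353). Assumes a little-endian host."""
    hex_ip, hex_port = field.split(":")
    return socket.inet_ntoa(struct.pack("<I", int(hex_ip, 16))), int(hex_port, 16)

def parse_proc_net(text):
    """Return (local_ip, local_port, uid, inode) for each IPv4 socket row."""
    rows = []
    for line in text.splitlines()[1:]:          # skip the header row
        f = line.split()
        if len(f) >= 10:
            rows.append(decode_addr(f[1]) + (int(f[7]), int(f[9])))
    return rows

def inode_owners(inode, proc_root="/proc"):
    """Return [(pid, comm)] for every process holding an fd on socket:[inode]."""
    target, owners = f"socket:[{inode}]", []
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        fd_dir = os.path.join(proc_root, pid, "fd")
        try:
            if any(os.readlink(os.path.join(fd_dir, fd)) == target
                   for fd in os.listdir(fd_dir)):
                with open(os.path.join(proc_root, pid, "comm")) as fh:
                    owners.append((int(pid), fh.read().strip()))
        except OSError:
            continue    # process exited, or its fd table needs root to read
    return owners

def owners_for_port(port, net_text, proc_root="/proc"):
    """Map a packet's local UDP port to the processes that own the socket."""
    return {inode: inode_owners(inode, proc_root)
            for _, p, _, inode in parse_proc_net(net_text) if p == port}

if __name__ == "__main__":
    with open("/proc/net/udp") as fh:           # live table on a Linux end host
        for ip, port, uid, inode in parse_proc_net(fh.read()):
            print(ip, port, uid, inode, inode_owners(inode))
```

An empty owner list for a live socket usually means the scan ran without root, or the process closed the socket between the capture and the lookup, which is why short-lived senders are the hard case for this approach.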