On Apr 24, 2013, at 12:10 PM, Anders Broman <a.broman@xxxxxxxxxxxx> wrote:
> Process info is entirely useless when capturing off a mirror/span port
...or in monitor mode on Wi-Fi, or in promiscuous mode on a non-switched Ethernet, or with some type of passive tapping hardware (Endace DAG cards, etc.)...
> so it should be an option to add it.
Yes.
There are, at some level, two modes for using a packet sniffer:
1) watching traffic to and from the machine on which the sniffer is running;
2) passively watching third-party traffic.
Process information is only available, in the general case, in the first of those modes.