Wireshark-dev: [Wireshark-dev] Re: Feature Request: Process-Aware Packet Filtering and Captur

From: Eugène Adell <eugene.adell@xxxxxxxxx>
Date: Sat, 24 May 2025 18:17:42 +0200
Hi guys,

there are a couple of issues opened, such as #1184 (
https://gitlab.com/wireshark/wireshark/-/issues/1184 )

Feel free to upvote or suggest ideas of implementation.

regards,
E.A.

On Sat, 24 May 2025 at 17:54, Josh Clark <josh@xxxxxxxxxxxx> wrote:
>
> Hi Ayub,
>
> Have you seen ptcpdump on Github? https://github.com/mozillazg/ptcpdump
>
> That project seems like it would meet your needs, at least on a *nix OS. It is not integrated into Wireshark, so you would need to separate your capture and analysis workflows for the time being.
>
> To help the dev team track the full feature request, you can go ahead and submit it on Gitlab: https://gitlab.com/wireshark/wireshark/-/issues
>
>
> On Sat, May 24, 2025 at 8:45 AM SHAiDA <ayubarbaty1@xxxxxxxxx> wrote:
>>
>> Dear Wireshark Development Team,
>>
>> I hope this message finds you well.
>>
>> I would like to suggest a feature enhancement for Wireshark that would greatly benefit malware analysts, forensic investigators, and application developers: the ability to filter and save captured traffic based on a specific process name or PID running on the host.
>>
>> Currently, packet capture is interface-based, and while powerful, it lacks native visibility into which process is generating or receiving specific network traffic. Adding a feature to bind captured packets to the originating process would:
>>
>> Enable .pcap filtering or exporting per-process
>>
>> Allow targeted analysis of suspicious executables
>>
>> Improve correlation of traffic with endpoint behavior in live investigations
>>
>>
>> I realize this would involve integration with OS-specific APIs (e.g., GetExtendedTcpTable on Windows or /proc on Linux), but it would be a groundbreaking improvement for many use cases.
>>
>> Thank you for your time, and for developing such an incredible tool for the networking and security community.
>>
>> Best regards,
>> Ayub
>> Cybersecurity Analyst
>> _______________________________________________
>> Wireshark-dev mailing list -- wireshark-dev@xxxxxxxxxxxxx
>> To unsubscribe send an email to wireshark-dev-leave@xxxxxxxxxxxxx
>
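As an added illustration of the /proc-based approach Ayub mentions (this is example code written for this page, not code from the thread, from ptcpdump or from Wireshark), the sketch below decodes the hex-encoded 4-tuples in /proc/net/tcp to socket inodes and joins them to an inode-to-PID table such as a scan of /proc/<pid>/fd would produce. The /proc/net/tcp text and the fd table are constructed samples, and the host API surface is assumed to be Linux only.

```python
import socket
import struct

# Constructed sample of /proc/net/tcp (header plus two rows): a listener on
# 127.0.0.1:8080 and an established connection to 198.51.100.9:443.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 12345 1 0000000000000000 100 0 0 10 0
   1: 0F02000A:B1C2 096433C6:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 67890 1 0000000000000000 20 4 30 10 -1
"""

# Constructed result of resolving /proc/<pid>/fd symlinks whose target reads
# "socket:[<inode>]", keyed by inode -> (pid, process name).
SAMPLE_FD_TABLE = {12345: (4242, "python3"), 67890: (5151, "curl")}


def _decode_addr(hexaddr):
    """/proc/net/tcp stores IPv4 as little-endian hex and the port as hex."""
    ip_hex, port_hex = hexaddr.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def parse_proc_net_tcp(text):
    """Return {(local_ip, local_port, remote_ip, remote_port): inode}."""
    table = {}
    for line in text.splitlines()[1:]:  # skip the column header
        fields = line.split()
        if len(fields) < 10:
            continue
        lip, lport = _decode_addr(fields[1])
        rip, rport = _decode_addr(fields[2])
        table[(lip, lport, rip, rport)] = int(fields[9])
    return table


def pid_for_packet(src, sport, dst, dport, sock_table, fd_table):
    """Map a captured packet to (pid, name), or None if no local socket owns it.
    Tries both flow directions, then a listening socket (remote 0.0.0.0:0)."""
    candidates = [
        (src, sport, dst, dport),
        (dst, dport, src, sport),
        (dst, dport, "0.0.0.0", 0),
    ]
    for key in candidates:
        inode = sock_table.get(key)
        if inode is not None and inode in fd_table:
            return fd_table[inode]
    return None
```

A real implementation has to re-read the table often enough to catch short-lived connections, which is why kernel hooks (as ptcpdump uses) are more reliable than polling /proc.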