On Jul 11, 2010, at 3:01 AM, Greg Hauptmann wrote:
> Is there a way with Wireshark, when running it on a Windows PC (say XP, Vista, or Windows 7), to have a column which shows the name of the application/process/service that was requesting/receiving the traffic? For example, it might be "firefox" for some of the internet traffic...
Currently, no.
> Or is this just not possible with Wireshark (which uses the WinPcap library under-the-bonnet I think?)
Yes, it uses WinPcap, but that's not the issue. As far as I know, no packet capture mechanism directly provides that mechanism; I infer from a statement on the Network Monitor blog that Network Monitor, for example, looks up TCP and UDP packets in the OS's TCP or UDP socket tables to *attempt* to relate packets to processes. Wireshark doesn't do that.
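
The socket-table lookup described in the reply above, sketched as an added example (not part of the original thread, and not Wireshark or Network Monitor code): it matches a packet's addresses and ports against constructed Windows `netstat -ano` output to attempt a packet-to-process mapping. The function names, the sample table, the PID-to-name map and the `local_ips` parameter are assumptions made for illustration.

```python
import re

# Constructed sample of Windows `netstat -ano` output (not from a real host).
NETSTAT_ANO = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       4
  TCP    192.168.1.10:49731     203.0.113.20:443       ESTABLISHED     2816
  UDP    0.0.0.0:5353           *:*                                    1432
"""
# Constructed PID-to-image map, as `tasklist` would report on the same host.
PROCESS_NAMES = {4: "System", 1432: "svchost.exe", 2816: "firefox.exe"}

# Proto, local, foreign, optional state (UDP rows have none), PID.
ROW = re.compile(
    r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:[A-Z][A-Z_0-9]*\s+)?(\d+)\s*$")


def parse_socket_table(text):
    """Return {(proto, local, foreign): pid} parsed from `netstat -ano` text."""
    table = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            proto, local, foreign, pid = m.groups()
            table[(proto, local, foreign)] = int(pid)
    return table


def owner_of_packet(table, local_ips, proto, src, dst):
    """Attempt to map one packet ('ip:port' strings) to (pid, image), else None."""
    unconnected = "0.0.0.0:0" if proto == "TCP" else "*:*"
    for local, remote in ((src, dst), (dst, src)):  # sent by us, then sent to us
        ip, port = local.rsplit(":", 1)
        if ip not in local_ips:
            continue  # a peer's port must never be matched against our listeners
        for key in ((proto, local, remote),               # connected socket
                    (proto, local, unconnected),          # bound to one address
                    (proto, "0.0.0.0:" + port, unconnected)):  # bound to any
            if key in table:
                pid = table[key]
                return pid, PROCESS_NAMES.get(pid, "<unknown>")
    return None  # socket already closed, or owned by something not in the table


if __name__ == "__main__":
    table = parse_socket_table(NETSTAT_ANO)
    me = {"192.168.1.10"}
    print(owner_of_packet(table, me, "TCP", "203.0.113.20:443", "192.168.1.10:49731"))
    print(owner_of_packet(table, me, "TCP", "192.168.1.10:50222", "198.51.100.7:443"))
```

The second call returns `None` because that connection is not in the snapshot, which is why such a lookup can only attempt the mapping: a socket that closes before the table is read leaves its packets unattributed.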