thanks Guy
re "looks up TCP and UDP packets in the OS's TCP or UDP socket tables" - do you know (simplistically) how Wireshark is different out of curiosity? if it doesn't look up socket tables what does it look up? (this reflects the fact I don't understand the network stack on a Windows PC I guess)
On 12 July 2010 03:40, Guy Harris
<guy@xxxxxxxxxxxx> wrote:
On Jul 11, 2010, at 3:01 AM, Greg Hauptmann wrote:
> Is there a way with Wireshark, when running it on a Windows PC (say XP, Vista, or Windows 7), a way to have a column which shows the name of the application/process/service that was requesting/receiving the traffic? For example, it might be "firefox" for some of the internet traffic for example...
Currently, no.
> Or is this just not possible with Wireshark (which uses the WinPCap library under-the-bonnet I think?)
Yes, it uses WinPcap, but that's not the issue. As far as I know, no packet capture mechanism directly provides that mechanism; I infer from a statement on the Network Monitor blog that Network Monitor, for example, looks up TCP and UDP packets in the OS's TCP or UDP socket tables to *attempt* to relate packets to processes. Wireshark doesn't do that.
--
Greg
http://blog.gregnet.org/