On 7/11/2010 8:26 PM, Greg Hauptmann wrote:
> thanks Guy
>
> re "looks up TCP and UDP packets in the OS's TCP or UDP socket
> tables" - do you know (simplistically) how Wireshark is different out
> of curiosity? If it doesn't look up socket tables what does it look
> up? (this reflects the fact I don't understand the network stack on a
> Windows PC I guess)

It doesn't attempt to match processes to packets. Network Monitor does.

> On 12 July 2010 03:40, Guy Harris <guy@xxxxxxxxxxxx> wrote:
>> On Jul 11, 2010, at 3:01 AM, Greg Hauptmann wrote:
>>> Is there a way with Wireshark, when running it on a Windows PC
>>> (say XP, Vista, or Windows 7), a way to have a column which shows the
>>> name of the application/process/service that was requesting/receiving
>>> the traffic? For example, it might be "firefox" for some of the
>>> internet traffic for example...
>>
>> Currently, no.
>>
>>> Or is this just not possible with Wireshark (which uses the
>>> WinPCap library under-the-bonnet I think?)
>>
>> Yes, it uses WinPcap, but that's not the issue. As far as I know, no
>> packet capture mechanism directly provides that mechanism; I infer from
>> a statement on the Network Monitor blog that Network Monitor, for
>> example, looks up TCP and UDP packets in the OS's TCP or UDP socket
>> tables to *attempt* to relate packets to processes. Wireshark doesn't
>> do that.
>
> --
> Greg
> http://blog.gregnet.org/
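The socket-table lookup Guy describes (match a packet's address/port 4-tuple against the OS's TCP table, then find which process owns that socket) can be illustrated with Linux's /proc/net/tcp format standing in for the Windows tables Network Monitor consults. This is an added example, not code from the thread, Wireshark or Network Monitor; the socket-table text, fd link targets and process names are constructed sample data, and the "best effort" result shows why the match is only an *attempt*.

```python
import socket
import struct

# Constructed sample in /proc/net/tcp layout (Linux). Windows keeps the
# equivalent TCP/UDP tables behind an OS API; the matching logic is the same.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0A01A8C0:C822 22D8B85D:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 98765 1 0000000000000000 20 4 30 10 -1
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111 1 0000000000000000 100 0 0 10 0
"""
# Constructed stand-ins for /proc/<pid>/fd/* link targets and /proc/<pid>/comm.
SAMPLE_FD_LINKS = {1234: ["socket:[98765]", "/dev/null"], 42: ["socket:[11111]"]}
SAMPLE_COMM = {1234: "firefox", 42: "sshd"}

def _decode_addr(hex_addr):
    """'0A01A8C0:C822' -> ('192.168.1.10', 51234); IPv4 is stored in host order."""
    ip_hex, port_hex = hex_addr.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)

def parse_socket_table(text):
    """Return {(local_ip, local_port, remote_ip, remote_port): inode} from table text."""
    table = {}
    for line in text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 10:
            continue
        table[_decode_addr(fields[1]) + _decode_addr(fields[2])] = int(fields[9])
    return table

def inode_owners(fd_links):
    """Invert the per-process fd tables into {socket inode: pid}."""
    owners = {}
    for pid, links in fd_links.items():
        for target in links:
            if target.startswith("socket:[") and target.endswith("]"):
                owners[int(target[8:-1])] = pid
    return owners

def process_for_packet(src_ip, src_port, dst_ip, dst_port, sock_table, owners, comm):
    """Best-effort match of one packet to (pid, name): try the 4-tuple in both
    directions, then a wildcard listener on the destination port."""
    candidates = [
        (src_ip, src_port, dst_ip, dst_port),   # outbound: local side is the source
        (dst_ip, dst_port, src_ip, src_port),   # inbound: local side is the destination
        ("0.0.0.0", dst_port, "0.0.0.0", 0),    # inbound SYN to a listening socket
    ]
    for key in candidates:
        inode = sock_table.get(key)
        if inode is not None and inode in owners:
            return owners[inode], comm.get(owners[inode], "?")
    return None  # socket already closed or never in the table: no attribution
```

A socket that opens and closes between two table snapshots never gets matched, which is the gap an attribution column built this way always has.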
___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives: http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe