Ethereal: Re: [Ethereal-users] Ethereal Version 0.10.6 - Identifying actual program transmitting & recieving I

Ethereal-users: September 2004

Subject: Re: [Ethereal-users] Ethereal Version 0.10.6 - Identifying actual program transmitting & recieving IP
From: Guy Harris <gharris@xxxxxxxxx>
Date: Sun, 05 Sep 2004 13:24:34 -0700

mark abrams wrote:

How do I identify the actual program that is
transmitting the packets from my PC to the destination
IP?

You can use a network analysis program such as Ethereal to find the traffic, get the local IP address and port number (and protocol, i.e. TCP or UDP) from the packets, and, if this is Windows, use a utility such as TCPView:

	http://www.sysinternals.com/ntw2k/source/tcpview.shtml

or, if it's a UN*X, use a utility such as lsof:

	http://freshmeat.net/projects/lsof/

(which comes with at least some UN*Xes) to see what process is using that IP address, port number (and protocol).

References:
- [Ethereal-users] Ethereal Version 0.10.6 - Identifying actual program transmitting & recieving IP
  - From: mark abrams

Prev by Date: Re: [Ethereal-users] dcerpc.time Time duration Time from request
Next by Date: [Ethereal-users] Solution for WIN98 startup problems
Previous by thread: [Ethereal-users] Ethereal Version 0.10.6 - Identifying actual program transmitting & recieving IP
Next by thread: [Ethereal-users] Solution for WIN98 startup problems
Index(es):
- Date
- Thread