Afaik there is no way to configure Ethereal to associate a packet to a process. However, you should be able to determine the source by inference. Look at the packet's destination IP and destination port. Who does the destination IP belong to? Is the destination port a well-known port? If not, do a Google search and see if you can find an app that listens on that port. Is there any ASCII data in the packet that would help identify what it is requesting? If you suspect Steam, start a capture and launch the Steam client. Does it connect to the same destination IP/IP block/port as the packet in question?
If you can determine who/what the client is talking to, you should be able to determine what process on your machine is doing the talking.
Andrew
-----Original Message-----
Hello list, I've been looking for this for a while, but I can't seem to find anything. I would like to know if Ethereal can tell me the actual process that sent the packet in question. Here's the scenario. So this is my question, is there a way to configure Ethereal to display the process that generated the packet in question? I know I could sit at the computer with TCPView or netstat running, but as I said, this is done overnight and I can't be at the computer all night (i.e. I need logging). I also know I could simply run the Windows variant of the Linux command 'netstat -c' and compare times, but I think this would be tedious and a feature like this would be very useful in Ethereal if it doesn't already exist. I found this on the Ethereal forum (http://www.ethereal.com/lists/ethereal-dev/200110/msg00129.html), but it is very old and is far beyond my menial coding experience. Does anyone have any suggestions or patches for Ethereal that I could use? Thanks in advance
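The "log netstat overnight and compare times" approach mentioned in the question can be automated. The sketch below is an added example, not part of the original thread or of Ethereal: it assumes a scheduled job appends a `### <timestamp>` marker line followed by `netstat -ano` output to a log every few seconds (the marker format, the function names and the sample data are all constructed for illustration), and it looks up the PID that owned a captured packet's socket at the nearest snapshot.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: a timestamp marker line followed by `netstat -ano` output,
# appended every few seconds by a scheduled job (marker format is an assumption).
SAMPLE_LOG = """\
### 2006-03-01 02:14:00
  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.10:1042      203.0.113.5:27030      ESTABLISHED     4312
  UDP    0.0.0.0:1900           *:*                                    1820
### 2006-03-01 02:14:05
  TCP    192.168.1.10:1042      203.0.113.5:27030      ESTABLISHED     4312
  TCP    192.168.1.10:1043      198.51.100.7:80        SYN_SENT        2260
  UDP    0.0.0.0:1900           *:*                                    1820
"""

# Proto, local endpoint, remote endpoint, optional state (absent for UDP), PID.
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:[A-Z_0-9]+\s+)?(\d+)\s*$")

def parse_snapshots(text):
    """Return [(datetime, [(proto, local, remote, pid), ...]), ...]."""
    snapshots = []
    for line in text.splitlines():
        if line.startswith("### "):
            ts = datetime.strptime(line[4:].strip(), "%Y-%m-%d %H:%M:%S")
            snapshots.append((ts, []))
        elif snapshots:
            m = ROW.match(line)
            if m:  # header and blank lines simply do not match
                snapshots[-1][1].append((m[1], m[2], m[3], int(m[4])))
    return snapshots

def port(endpoint):
    return endpoint.rsplit(":", 1)[1]

def find_pid(snapshots, when, proto, local, remote, window=timedelta(seconds=10)):
    """PID owning the packet's socket in the snapshot closest to `when`, or None."""
    for ts, rows in sorted(snapshots, key=lambda s: abs(s[0] - when)):
        if abs(ts - when) > window:
            break  # remaining snapshots are even further away
        for r_proto, r_local, r_remote, pid in rows:
            if r_proto != proto or port(r_local) != port(local):
                continue
            # TCP rows carry the peer; UDP rows show *:* so only the local port can match.
            if proto == "UDP" or r_remote == remote:
                return pid
    return None
```

A `None` result means the socket opened and closed between two snapshots; a shorter logging interval narrows that gap but cannot close it.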