Ethereal-users: Re: [Ethereal-users] Discovering the process that generated a packet

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: secjunky <secjunky@xxxxxxxxx>
Date: Fri, 13 Jan 2006 01:53:30 -0800


On 1/13/06, Jean-Baptiste Marchand <jbm.lists@xxxxxxxxx> wrote:
> * secjunky <secjunky@xxxxxxxxx> [01/01/70 - 01:00]:
>
> > So this is my question, is there a way to configure ethereal to display the
> > process that generated the packet in question? I know I could sit at the
> > computer with TCPView or netstat running, but as I said, this is done overnight
> > and I can't be at the computer all night (ie I need logging).
>
> Leaving TDIMon running overnight should do the trick:
>
>         http://www.sysinternals.com/Utilities/TdiMon.html

Like most useful programs, this doesn't seem to run on XP64 even in compatibility mode. Thanks for the link though, I can use it on my other boxes.

> Microsoft also have the Port Report tool, running as a Windows service:
>
>         http://support.microsoft.com/?id=837243

This one runs on my system, I'll try this, thanks.

> Because these tools do not capture the actual network data, you still
> want to use ethereal to look at network traffic.
>
> Jean-Baptiste Marchand


Thanks to the rest of you as well.
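
An added example, not part of the original thread: one way to combine the two data sources discussed above, joining a port-to-process log with packet summaries exported from a capture by local port and timestamp. The log format, addresses, PIDs and process names are constructed for illustration and are not the output format of the tools named in the thread.

```python
from datetime import datetime

# Constructed sample log (hypothetical format): time, event, protocol,
# local port, PID, process name.
PORT_LOG = """\
2006-01-13T02:10:00 OPEN TCP 1045 1820 updater.exe
2006-01-13T02:10:30 CLOSE TCP 1045 1820 updater.exe
2006-01-13T03:15:00 OPEN TCP 1045 2404 backup.exe
2006-01-13T03:20:00 OPEN UDP 1046 988 svchost.exe
"""

# Constructed packet summaries: time, protocol, src ip, src port, dst ip, dst port.
PACKETS = [
    ("2006-01-13T02:10:05", "TCP", "192.0.2.10", 1045, "198.51.100.7", 80),
    ("2006-01-13T03:15:02", "TCP", "192.0.2.10", 1045, "198.51.100.9", 443),
    ("2006-01-13T03:20:01", "UDP", "198.51.100.53", 53, "192.0.2.10", 1046),
    ("2006-01-13T02:50:00", "TCP", "192.0.2.10", 1045, "198.51.100.7", 80),
]

def parse_port_log(text):
    """Turn OPEN/CLOSE events into (proto, port, start, end, pid, name) intervals."""
    intervals, open_now = [], {}
    for line in text.splitlines():
        ts, event, proto, port, pid, name = line.split()
        key, when = (proto, int(port)), datetime.fromisoformat(ts)
        if event == "OPEN":
            open_now[key] = (when, int(pid), name)
        elif event == "CLOSE" and key in open_now:
            start, opid, oname = open_now.pop(key)
            intervals.append((*key, start, when, opid, oname))
    # Ports still open when the log ends have no end time.
    for key, (start, pid, name) in open_now.items():
        intervals.append((*key, start, None, pid, name))
    return intervals

def attribute(packets, intervals, local_ip):
    """Return (pid, name) or None per packet, matching on protocol, port and time."""
    result = []
    for ts, proto, src, sport, dst, dport in packets:
        when = datetime.fromisoformat(ts)
        # The local port is the source for outbound traffic, the destination for inbound.
        port = sport if src == local_ip else dport if dst == local_ip else None
        owner = None
        for iproto, iport, start, end, pid, name in intervals:
            in_window = start <= when and (end is None or when <= end)
            if (iproto, iport) == (proto, port) and in_window:
                owner = (pid, name)
        result.append(owner)
    return result
```

Matching on the time window as well as the port matters for an overnight run, because an ephemeral port can be reused by a different process; the last sample packet falls between two owners of port 1045 and is left unattributed.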