Wireshark-dev: [Wireshark-dev] GSOC Project:Process information
From: kunal bansal <kunalbansal.02@xxxxxxxxx>
Date: Sun, 19 May 2013 19:06:54 +0530
based on post
http://www.wireshark.org/lists/wireshark-dev/201305/msg00039.html
&
http://www.wireshark.org/lists/wireshark-dev/201305/msg00118.html

i got to know that the implementation has already been done in linux but we have to devise a UI via wireshark for the same

Besides For Windows:
honeevent can also be implemented using  winpcap
though using netshdump (which works via ETW, a good realtime support)works great to create a log file but it doesn't seems an option because it uses higher administrative rights
.
So if we really want to realtime access we need to make a script using ETW on windows.

hone_notify can work as it is
.

FOR Mac OSX


As mentioned in my proposal,using dtrace scripts is a nice option.

conntrack DTrace script for Solaris and Opensolaris to monitor all outgoing TCP and UDP connections by process, user and port.

It has some filtering capabilities allowing to filter traffic by port, process or user.

 https://github.com/kunalbansal16/demo/blob/master/wiresharkdemo/mac%20os/dtrace/conntrack.d


Regards,
Kunal Bansal