On Sep 27, 2009, at 4:01 PM, IT eSTUDANT wrote:

> I would like to put the Process ID as a column item to be displayed
> on Wireshark. I've been looking around but didn't get an answer. Is this
> possible?

In the most general sense, no - if the network adapter is in
promiscuous or monitor mode, a network analyzer such as Wireshark
could capture traffic which is not going to or from the machine
running Wireshark, and there is no way to determine what the process
ID is of the sending or receiving process if it's not running on the
same machine as Wireshark (and, in fact, the machine sending or
receiving the packet might not be running an operating system that
*has* process IDs).

At least for TCP or UDP packets, on some operating systems, Wireshark
could, in theory, ask the operating system whether any process running
on the machine has a socket open using the IP address and TCP/UDP port
that are the source or destination of the packet and, if that's the
case, get the process ID of that process and display it (UN*X and
Windows both have the notion of a process ID, and we don't have any
versions of Wireshark for OSes that aren't Windows or versions of UN*X).

However, the way that would be done would be dependent on the OS on
which you're running (and it might not be possible on all of them),
and nobody's written code to do that yet for any of the OSes on which
Wireshark runs.