Re: Sniffer for Windows That Shows Process ID?
Will wrote:
> Can someone recommend a sniffer for Windows that will show the
> process ID and name of the process sending or receiving each packet
> shown in the sniffer?
>
> I normally use ethereal or wireshark and didn't see a straightforward
> way to include this information.

This is indeed a noble search! I have looked for the same thing
myself.

netstat can see process id, but only offers a snapshot, it's
stateless, and as a result of it only doing a snapshot, it doesn't
record whether the packet is incoming or outgoing. And of course it's
only a snapshot style port status thing.

You said something like TCPView does what you want "if you had the
patience of a saint"? But from what I remember, TCPView is not a packet
sniffer. You never see inside the packet.

I did find a port logger (software running on the machine of course,
it's necessary for this) that records process ID, and whether the
packet is incoming or outgoing. But it's not a packet sniffer.

Sygate personal firewall, probably the last free version. Maybe
available from oldversion.com or elsewhere. You can turn off the
firewall feature leaving just the port logger. Though the last time I
installed it, it crashed, maybe blocking outgoing, and so I removed it
and haven't tried it since.

Somebody should really write what you suggest. It'd be only a small
addition to Ethereal. Indeed, it's not purely a 'packet' thing, but in
a strict definition of packet, neither is TCP. TIME isn't a purely
packet thing either, by any definition, though ethereal displays it
alongside the packet. MS Word is popular because it draws pictures,
doesn't just allow the writing of words. I have to get into this silly
philosophical thing, since a post implied ethereal or a packet sniffer
*shouldn't* do it, so I think some people don't get it.

Somebody posted writing as if this was some personal problem Will has,
requesting they email in private (perhaps since he writes software and
sells it). OK. But it is not just his thing. It's as he described it.
A general thing.

I notice also xananews tried to set follow-up to
comp.dcom.net-management, so if anybody uses that, then be careful!
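
Added example, not part of the original post: one way to approximate what the thread asks for is to join sniffer records against a `netstat -ano` snapshot, which yields the owning PID and the packet direction and also shows the snapshot limitation the post describes. The netstat text, the packet tuples, `LOCAL_IPS` and the function names are constructed assumptions.

```python
# Added example: attribute sniffed packets to a PID using a `netstat -ano` snapshot.
# All data below is constructed for illustration; names are hypothetical.
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    192.168.1.10:49712     198.51.100.7:443       ESTABLISHED     4321
  UDP    0.0.0.0:5353           *:*                                    1500
"""
LOCAL_IPS = {"192.168.1.10"}  # assumption: addresses owned by the monitored host

def parse_netstat(text):
    """Map (proto, local_ip, local_port) -> PID from Windows `netstat -ano` text."""
    table = {}
    for line in text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] not in ("TCP", "UDP"):
            continue  # skip banner and column header
        ip, _, port = f[1].rpartition(":")
        table[(f[0], ip.strip("[]"), int(port))] = int(f[-1])
    return table

def attribute(packet, table, local_ips=LOCAL_IPS):
    """Return (direction, pid) for a packet tuple (proto, src, sport, dst, dport).

    pid is None when the socket is absent from the snapshot, e.g. a connection
    that opened and closed between two netstat runs.
    """
    proto, src, sport, dst, dport = packet
    if src in local_ips:
        direction, ip, port = "outgoing", src, sport
    elif dst in local_ips:
        direction, ip, port = "incoming", dst, dport
    else:
        return ("unknown", None)
    # Exact local endpoint first, then a wildcard-bound listener on that port.
    pid = table.get((proto, ip, port), table.get((proto, "0.0.0.0", port)))
    return (direction, pid)

if __name__ == "__main__":
    table = parse_netstat(NETSTAT_SAMPLE)
    packets = [  # constructed sniffer records
        ("TCP", "192.168.1.10", 49712, "198.51.100.7", 443),
        ("TCP", "192.168.1.20", 51000, "192.168.1.10", 445),
        ("TCP", "192.168.1.10", 49800, "203.0.113.9", 80),
    ]
    for p in packets:
        print(p, "->", attribute(p, table))
```

The third packet comes back with no PID because its socket is not in the snapshot, which is the gap a polling approach leaves compared with a logger that records the PID per packet.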