Like the question says, is there a way to filter/follow a TCP/SSL stream based on a particular process ID?
+3
A:
I don't see how. The PID doesn't make it onto the wire (generally speaking), plus Wireshark allows you to look at what's on the wire - potentially all machines which are communicating over the wire. Process IDs aren't unique across different machines, anyway.
Vinay Sajip
2009-08-27 08:39:18
Good point. That's what I thought too. Let me wait for a day before closing this, just in case there is a Wireshark ninja out there who manages to do this.
Ryan Fernandes
2009-08-27 08:41:33
A:
You could match the port numbers from Wireshark up to port numbers from, say, netstat, which will tell you the PID of a process listening on that port.
Tom Woolfrey
2009-08-27 08:51:43
Well, this might not work. The program opens up and closes a lot of local and remote ports.
Ryan Fernandes
2009-08-27 09:01:21
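The port-matching approach from the answer above, as an added example that is not part of the original thread: it merges repeated `netstat -ano` snapshots (Windows column layout assumed) into one Wireshark display filter for a PID, so ports that open and close between snapshots are still covered. The snapshot text, addresses and PIDs are constructed, and the function names are hypothetical.

```python
# Constructed sample snapshots in Windows `netstat -ano` layout (not real captures).
SNAPSHOT_1 = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       980
  TCP    192.168.1.10:49712     203.0.113.20:443       ESTABLISHED     4321
  TCP    192.168.1.10:49713     198.51.100.7:8443      ESTABLISHED     5100
"""
SNAPSHOT_2 = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.10:49712     203.0.113.20:443       TIME_WAIT       0
  TCP    192.168.1.10:49720     203.0.113.20:443       ESTABLISHED     4321
  TCP    [::1]:49730            [::1]:5000             ESTABLISHED     4321
"""


def parse_tcp_rows(netstat_text):
    """Yield (local_ip, local_port, remote_ip, remote_port, pid) for IPv4 TCP rows."""
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] != "TCP":
            continue  # header, UDP and malformed rows
        local, remote, _state, pid = fields[1:]
        if "[" in local or not pid.isdigit():
            continue  # IPv6 rows would need ipv6.addr; left out of this example
        l_ip, l_port = local.rsplit(":", 1)
        r_ip, r_port = remote.rsplit(":", 1)
        if r_port == "0":
            continue  # listening socket, no peer to filter on
        yield l_ip, int(l_port), r_ip, int(r_port), int(pid)


def collect_connections(snapshots, pid):
    """Union of 4-tuples seen for `pid` across snapshots, keeping short-lived ports."""
    seen = set()
    for text in snapshots:
        for l_ip, l_port, r_ip, r_port, row_pid in parse_tcp_rows(text):
            if row_pid == pid:
                seen.add((l_ip, l_port, r_ip, r_port))
    return sorted(seen)


def display_filter(connections):
    """Return a Wireshark display filter matching both directions of each connection."""
    clauses = [
        f"(ip.addr == {l} && tcp.port == {lp} && ip.addr == {r} && tcp.port == {rp})"
        for l, lp, r, rp in connections
    ]
    return " || ".join(clauses)
```

In the second snapshot the closed connection is reported with PID 0, so a connection is only attributed to the process if a snapshot caught it while it was still open.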
A:
Just in case you are looking for an alternative and the environment you use is Windows, Microsoft's Netmon 3.3 is a good choice. It has the process name column. You can easily add it to the filter using the context menu and apply the filter. As usual, the GUI is very intuitive.
Sreejith Menon
2010-05-04 07:34:04