Filter by process/PID in Wireshark

Answer 1

Just in case you are looking for an alternate way and the environment you use is Windows, Microsoft's Network Monitor 3.3 is a good choice. It has the process name column. You can easily add it to a filter using the context menu and apply the filter. As usual the GUI is very intuitive...

Comments

 
There's also Microsoft Message Analyzer which is basically Microsoft's version of Wireshark (and the successor to Network Monitor as I understand), but a little better integrated. In the column chooser, under 'Etw'->'EtwProviderMsg' there's a column for 'PID'. It works well!
– Cameron
Mar 20, 2015 at 18:35

 

Answer 2

You could match the port numbers from Wireshark up to port numbers from, say, netstat, which will tell you the PID of a process listening on that port.

 

Answer 3

Get the port number using netstat:

netstat -b

And then use the Wireshark filter:

tcp.port == portnumber

[AE1.exe]
  TCP    172.31.211.108:59570   172.22.33.4:8080       ESTABLISHED
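
The port-matching approach from Answers 2 and 3, automated as an added example (not part of the original answers): it reads `netstat -ano` output, which prints numeric addresses with a PID column, and builds a Wireshark display filter for one PID. The sample output, the PID values and the function names are constructed for illustration.

```python
# Constructed sample of Windows `netstat -ano` output; PIDs are made up.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       980
  TCP    172.31.211.108:59570   172.22.33.4:8080       ESTABLISHED     4312
  TCP    172.31.211.108:59571   172.22.33.4:8080       TIME_WAIT       0
  TCP    [::1]:49670            [::]:0                 LISTENING       4312
  UDP    0.0.0.0:5353           *:*                                    4312
"""

# Remote addresses that mean "no specific peer" (listening or UDP sockets).
WILDCARDS = {"*", "0.0.0.0", "::"}


def sockets_for_pid(netstat_text, pid):
    """Return (proto, local_port, remote_ip) for every socket owned by pid."""
    found = []
    for line in netstat_text.splitlines():
        f = line.split()
        # Data rows start with TCP/UDP and end with the numeric PID.
        # UDP rows have no State column, so index from the ends.
        if len(f) < 4 or f[0] not in ("TCP", "UDP") or not f[-1].isdigit():
            continue
        if int(f[-1]) != pid:
            continue
        local_port = int(f[1].rsplit(":", 1)[1])
        remote_ip = f[2].rsplit(":", 1)[0].strip("[]")  # handles [v6]:port
        found.append((f[0].lower(), local_port, remote_ip))
    return found


def display_filter(sockets):
    """Build a Wireshark display filter matching the given sockets."""
    terms = []
    for proto, port, remote in sockets:
        term = f"{proto}.port == {port}"
        if remote not in WILDCARDS:
            # Pin the peer too, so a reused local port matches less noise.
            family = "ipv6" if ":" in remote else "ip"
            term = f"({family}.addr == {remote} && {term})"
        if term not in terms:
            terms.append(term)
    return " || ".join(terms)


if __name__ == "__main__":
    print(display_filter(sockets_for_pid(SAMPLE, 4312)))
```

The netstat listing is a point-in-time snapshot and ephemeral local ports are reused, so take it while the capture is running rather than applying it to an old capture file.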

 

Author: Chuck Lu