Hi all, may I know how to filter out all packets to/from a specific process through a display filter? Thanks!
asked 15 Oct '12, 01:49 SteveZhou
2 Answers:
It's not possible with current Wireshark as it has no knowledge of processes. If you know which port(s) a process is using then you can construct a filter with those ports.
answered 15 Oct '12, 01:59 grahamb ♦
On Windows there is an experimental build that implements the idea in bug 1184, as described on the mailing list: http://www.wireshark.org/lists/wireshark-dev/201212/msg00069.html
answered 28 Dec '12, 04:05 patraulea
Thank you for the quick response. I saw this feature in Microsoft Network Monitor 3.4, so I would like to know about the same for Wireshark.
You can capture with NM, and then load the capture file in Wireshark.
There is a feature request for identifying processes (1184), but as it's 6 years old I don't think it'll be happening soon.
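
The port-based workaround from the first answer, as an added example that is not part of the original thread: it collects the local ports a PID owns from Windows `netstat -ano` style output and turns them into a display filter. The function names are hypothetical and the netstat sample is constructed.

```python
# Added example: build a Wireshark display filter from `netstat -ano` output.
# SAMPLE_NETSTAT is constructed for illustration (documentation address ranges),
# not captured from a real host.

SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       900
  TCP    192.0.2.10:49712       198.51.100.20:443      ESTABLISHED     4321
  TCP    192.0.2.10:49713       198.51.100.20:443      ESTABLISHED     4321
  TCP    [::1]:49800            [::1]:49801            ESTABLISHED     4321
  UDP    0.0.0.0:5353           *:*                                    4321
  UDP    0.0.0.0:5355           *:*                                    1288
"""


def local_ports_for_pid(netstat_text, pid):
    """Return {'tcp': set_of_ports, 'udp': set_of_ports} owned by pid."""
    ports = {"tcp": set(), "udp": set()}
    for line in netstat_text.splitlines():
        fields = line.split()
        # TCP rows have 5 columns, UDP rows have 4 (no State column).
        # The header row is skipped because "Proto" is not a known protocol.
        if len(fields) < 4 or fields[0].lower() not in ports:
            continue
        if fields[-1] != str(pid):
            continue
        # The port follows the last ':' (also correct for bracketed IPv6).
        port = fields[1].rsplit(":", 1)[1]
        if port.isdigit():
            ports[fields[0].lower()].add(int(port))
    return ports


def display_filter_for_pid(netstat_text, pid):
    """Build a display filter matching the local ports of pid, or None."""
    ports = local_ports_for_pid(netstat_text, pid)
    terms = [f"{proto}.port == {p}"
             for proto in ("tcp", "udp")
             for p in sorted(ports[proto])]
    return " || ".join(terms) if terms else None


if __name__ == "__main__":
    print(display_filter_for_pid(SAMPLE_NETSTAT, 4321))
```

The resulting filter reflects a snapshot: connections the process opens after netstat ran are missed, and an ephemeral port later reused by another process will match that process's traffic too.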