This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Is it possible to filter the capture result for specific programs so that it only shows the packets which that program has sent/recieved ?

asked 08 Jul '13, 05:46

Milad%20Rad's gravatar image

Milad Rad
16224
accept rate: 0%


No, you can't unless each program uses specific ports that you can associate to the program, e.g. port 80 being an apache web server process. This means that you need to know for certain that there is that program running on the originating host, and no other program "hijacked" that port. There is no program executable name or other identification of the originating process in a trace file, unless using capture programs that can provide this (like Microsoft NetMon etc.)

permanent link

answered 08 Jul '13, 05:48

Jasper's gravatar image

Jasper ♦♦
23.8k551284
accept rate: 18%

edited 08 Jul '13, 05:50

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×549
×33
×7

question asked: 08 Jul '13, 05:46

question was seen: 7,118 times

last updated: 08 Jul '13, 05:50

p​o​w​e​r​e​d by O​S​Q​A