This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

filtering capture result for specific programs

0

Is it possible to filter the capture result for specific programs so that it only shows the packets which that program has sent/recieved ?

asked 08 Jul '13, 05:46

Milad%20Rad's gravatar image

Milad Rad
16224
accept rate: 0%


One Answer:

0

No, you can't unless each program uses specific ports that you can associate to the program, e.g. port 80 being an apache web server process. This means that you need to know for certain that there is that program running on the originating host, and no other program "hijacked" that port. There is no program executable name or other identification of the originating process in a trace file, unless using capture programs that can provide this (like Microsoft NetMon etc.)

answered 08 Jul '13, 05:48

Jasper's gravatar image

Jasper ♦♦
23.8k551284
accept rate: 18%

edited 08 Jul '13, 05:50