Is it possible to trace a packet to the source of its destination within the host machine?
AKA Packet 7642 OUTBOUND from HOST(wow.exe) to IP-ADDRESS. Packet 7643 INBOUND from IP-ADDRESS to HOST(Chrome.exe)
asked 07 Dec '13, 10:24
I'm not sure I understand the question. Applications don't communicate to each other within the host via IP packets in this way unless you're talking about virtual machines within the host.
For mapping the application to packets that are leaving the host, the IP and port number (the socket) would be a good indicator. Some applications give themselves away a bit too, such as the "user agent" value in HTTP packets that indicates the browser in use. This isn't foolproof though, and the packet itself certainly wouldn't be enough to derive the executable file on the source computer that ultimately had the packet sent.
answered 07 Dec '13, 18:11
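The socket-based mapping the answer describes, as an added example that is not part of the original post: it joins captured packet endpoints against a socket table snapshot to name the owning process. It assumes Windows `netstat -ano` and `tasklist /fo csv /nh` output taken while the capture was running; all addresses, PIDs and packets below are constructed sample data.

```python
import csv, io

# Constructed sample of `netstat -ano` output (Windows), taken at capture time.
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       888
  TCP    192.168.1.10:49812     203.0.113.5:3724       ESTABLISHED     4312
  TCP    192.168.1.10:49950     198.51.100.7:443       ESTABLISHED     5120
"""
# Constructed sample of `tasklist /fo csv /nh` output.
TASKLIST = '''"wow.exe","4312","Console","1","812,440 K"
"chrome.exe","5120","Console","1","150,212 K"
'''
# Constructed packets as (src_ip, src_port, dst_ip, dst_port).
PACKETS = [
    ("192.168.1.10", 49812, "203.0.113.5", 3724),
    ("198.51.100.7", 443, "192.168.1.10", 49950),
    ("192.168.1.10", 50233, "198.51.100.9", 80),  # socket gone before the snapshot
]

def parse_netstat(text):
    """Map (local_ip, local_port, remote_ip, remote_port) -> owning PID for TCP rows."""
    sockets = {}
    for line in text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP":  # proto, local, remote, state, pid
            lip, lport = f[1].rsplit(":", 1)
            rip, rport = f[2].rsplit(":", 1)
            sockets[(lip, int(lport), rip, int(rport))] = int(f[4])
    return sockets

def parse_tasklist(text):
    """Map PID -> image name from CSV tasklist output."""
    return {int(row[1]): row[0] for row in csv.reader(io.StringIO(text)) if len(row) >= 2}

def attribute(pkt, sockets, names):
    """Return (direction, pid, image) for a packet, or None if no socket matches."""
    src, sport, dst, dport = pkt
    # The local endpoint is the packet's source when outbound, its destination when inbound.
    for key, direction in (((src, sport, dst, dport), "OUTBOUND"),
                           ((dst, dport, src, sport), "INBOUND")):
        if key in sockets:
            pid = sockets[key]
            return direction, pid, names.get(pid, "unknown")
    return None

if __name__ == "__main__":
    socks, procs = parse_netstat(NETSTAT), parse_tasklist(TASKLIST)
    for p in PACKETS:
        print(p, "->", attribute(p, socks, procs))
```

The third packet returns `None` because its connection is absent from the snapshot, which is the practical limit of this approach: short-lived sockets are only attributable if the socket table is sampled while they exist.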