Wireshark mailing list archives

Re: GSoC 2013: Process Information
From: Guy Harris <guy () alum mit edu>
Date: Wed, 24 Apr 2013 13:23:52 -0700


On Apr 24, 2013, at 12:10 PM, Anders Broman <a.broman () bredband net> wrote:

> Process info is entirely useless when capturing of a mirror/pawn port

...or in monitor mode on Wi-Fi, or in promiscuous mode on a non-switched Ethernet, or with some type of passive tapping hardware (Endace DAG cards, etc.)...

> so it should be an option to add it.

Yes.

There are, at some level, two modes for using a packet sniffer:

        1) watching traffic to and from the machine on which the sniffer is running;

        2) passively watching third-party traffic.

Process information is only available, in the general case, in the first of those modes.

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

