mailing list archives
Re: GSoC 2013: Process Information
From: Guy Harris <guy () alum mit edu>
Date: Wed, 24 Apr 2013 13:23:52 -0700
On Apr 24, 2013, at 12:10 PM, Anders Broman <a.broman () bredband net> wrote:
Process info is entirely useless when capturing of a mirror/pawn port
...or in monitor mode on Wi-Fi, or in promiscuous mode on a non-switched Ethernet, or with some type of passive tapping
hardware (Endace DAG cards, etc.)...
so it should be an option to add it.
There are, at some level, two modes for using a packet sniffer:
1) watching traffic to and from the machine on which the sniffer is running;
2) passively watching third-party traffic.
Process information is only available, in the general case, in the first of those modes.
Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org>
mailto:wireshark-dev-request () wireshark org?subject=unsubscribe