Hello list, I've been looking
for this for a while, but I can't seem to find anything. I would like
to know if ethereal can tell me the actual process that sent the
packet in question. Here's the scenario.
I leave
ethereal running overnight on all of my machines (slackware, winxp
pro, winxp 64) to see what is talking to whom. When I come back in the
morning, as expected, my slack box was nice and tight-lipped. The XP
pro w/ zone alarm was nice and quiet as well, but it was the XP64
that was the chatterbox. It turns out that my Steam account (from
Valve software) would wake up in the middle of the night (after
being closed) and talk to its update server. This is actually my
assumption, seeing as I cannot discern the process that sent the
packet from the ethereal scan.
So this is my question: is there a
way to configure ethereal to display the process that generated the
packet in question? I know I could sit at the computer with TCPView
or netstat running, but as I said, this is done overnight and I can't
be at the computer all night (i.e. I need logging). I also know I could
simply run the windows variant of the Linux command 'netstat -c' and
compare times, but I think this would be tedious and a feature like
this would be very useful in ethereal if it doesn't already exist.
I found this on the ethereal forum
(http://www.ethereal.com/lists/ethereal-dev/200110/msg00129.html),
but it is very old and is far beyond my menial coding experience.
Does anyone have any suggestions or patches for ethereal that I could
use? Thanks in advance
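The "poll netstat and compare times" approach the post dismisses as tedious is straightforward to script, and it is the only option that works after the fact on a box you are not sitting at, since the capture itself carries no process information. Below is an added example (not code from the original post, from Ethereal, or from Valve) that correlates packets with PIDs from timed snapshots of `netstat -ano` (the `-o` column, present on Windows XP, is the owning PID; on XP SP2 `-b` also prints the executable, at a noticeable cost per poll). It assumes the logging loop writes a marker line `=== YYYY-MM-DD HH:MM:SS` before each snapshot; the marker format, the local IP, and every address, port and PID in the sample data are constructed for illustration. The packet records mimic the columns of an Ethereal text export (time, protocol, source, source port, destination, destination port).

```python
"""Correlate captured packets with the owning PID using timed netstat snapshots.

Added example, not code from the original post or from Ethereal. Assumes the
Windows box logs `netstat -ano` periodically with a marker line of the form
"=== YYYY-MM-DD HH:MM:SS" before each snapshot (that format is an assumption;
adjust SNAP_HEADER/TS_FMT to whatever your logging loop writes). All
addresses, ports and PIDs below are constructed for illustration.
"""
import re
from datetime import datetime

TS_FMT = "%Y-%m-%d %H:%M:%S"
SNAP_HEADER = re.compile(r"^=== (\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s*$")
LOCAL_IP = "192.168.1.20"   # constructed: the address of the box being watched

# Constructed log, as a cmd loop like this (assumed, not from the post) would write it:
#   :loop
#   echo === %date% %time% >> C:\netstat.log   (then match SNAP_HEADER/TS_FMT to your locale)
#   netstat -ano >> C:\netstat.log
#   ping -n 31 127.0.0.1 >nul                  (crude 30 s sleep on XP)
#   goto loop
NETSTAT_LOG = """\
=== 2006-03-14 02:00:00
  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING       4
  UDP    192.168.1.20:137       *:*                                    4
=== 2006-03-14 02:00:30
  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.20:3045      203.0.113.10:27030     ESTABLISHED     1864
  UDP    192.168.1.20:137       *:*                                    4
  UDP    192.168.1.20:27015     *:*                                    1864
=== 2006-03-14 02:01:00
  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING       4
  UDP    192.168.1.20:137       *:*                                    4
"""

# Constructed packet records: (time, proto, src, sport, dst, dport).
# The last one is a short-lived UDP socket that no poll ever caught.
PACKETS = [
    ("2006-03-14 02:00:12", "TCP", "192.168.1.20", 3045, "203.0.113.10", 27030),
    ("2006-03-14 02:00:13", "TCP", "203.0.113.10", 27030, "192.168.1.20", 3045),
    ("2006-03-14 02:00:40", "UDP", "192.168.1.20", 27015, "203.0.113.11", 27015),
    ("2006-03-14 02:00:50", "UDP", "192.168.1.20", 3912, "203.0.113.12", 53),
]


def parse_netstat_log(text):
    """Return [(snapshot_time, table)], table: (proto, local_port) -> [(foreign, pid)]."""
    snapshots, table = [], None
    for line in text.splitlines():
        m = SNAP_HEADER.match(line)
        if m:
            table = {}
            snapshots.append((datetime.strptime(m.group(1), TS_FMT), table))
            continue
        fields = line.split()
        if table is None or len(fields) < 4 or fields[0] not in ("TCP", "UDP"):
            continue                      # header lines, blank lines, "Active Connections"
        proto, local, foreign = fields[:3]
        pid = int(fields[-1])             # with -o the PID is the last column
        local_port = int(local.rsplit(":", 1)[1])
        table.setdefault((proto, local_port), []).append((foreign, pid))
    return snapshots


def attribute_packets(packets, snapshots, local_ip, max_gap_s=60):
    """Map each packet to the PID owning its local socket, using the nearest
    snapshot (before or after the packet) within max_gap_s seconds.
    A socket that lived shorter than the poll interval may appear in no
    snapshot at all; that case is reported honestly as pid=None."""
    results = []
    for ts, proto, src, sport, dst, dport in packets:
        when = datetime.strptime(ts, TS_FMT)
        if src == local_ip:
            local_port, foreign = sport, f"{dst}:{dport}"
        elif dst == local_ip:
            local_port, foreign = dport, f"{src}:{sport}"
        else:
            results.append(dict(ts=ts, proto=proto, local_port=None, foreign=None,
                                pid=None, note="neither endpoint is the local host"))
            continue
        pid = None
        note = f"not in any snapshot within {max_gap_s}s (socket shorter than the poll interval?)"
        # Nearest snapshots first: a connection the packet opened may only show up in the poll after it.
        by_distance = sorted(snapshots, key=lambda s: abs((s[0] - when).total_seconds()))
        for snap_time, table in by_distance:
            if abs((snap_time - when).total_seconds()) > max_gap_s:
                break
            entries = table.get((proto, local_port))
            if not entries:
                continue
            exact = [p for f, p in entries if f == foreign]
            if exact:
                pid, note = exact[0], "exact local+foreign match"
            else:
                # UDP sockets list "*:*" as foreign and listening TCP sockets 0.0.0.0:0,
                # so the local port alone identifies the owner in those cases.
                pid, note = entries[0][1], "local port match only"
            break
        results.append(dict(ts=ts, proto=proto, local_port=local_port,
                            foreign=foreign, pid=pid, note=note))
    return results


if __name__ == "__main__":
    for r in attribute_packets(PACKETS, parse_netstat_log(NETSTAT_LOG), LOCAL_IP):
        print(f"{r['ts']} {r['proto']} local:{r['local_port']} <-> {r['foreign']} "
              f"pid={r['pid']} ({r['note']})")
```

The weak spot of this method is visible in the last record: anything shorter than the polling interval (a single DNS lookup, a one-packet UDP probe) falls between snapshots, so a shorter interval buys better coverage at the cost of a larger log and more CPU on the watched box. Matching on the local port alone is deliberate: at any instant one local (proto, port) pair belongs to exactly one socket, so it is enough to name the owner even when the foreign column is a wildcard.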