Ethereal-users: Re: [Ethereal-users] Discovering the process that generated a packet

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Jean-Baptiste Marchand <jbm.lists@xxxxxxxxx>
Date: Fri, 13 Jan 2006 10:21:34 +0100
* secjunky <secjunky@xxxxxxxxx> [01/01/70 - 01:00]:

> So this is my question, is there a way to configure ethereal to display the
> process that generated the packet in question? I know I could sit at the
> computer with TCPView or netstat running, but as I said, this is done overnight
> and I can't be at the computer all night (i.e. I need logging).

Leaving TDIMon running overnight should do the trick:

	http://www.sysinternals.com/Utilities/TdiMon.html

Microsoft also have the Port Report tool, running as a Windows service:

	http://support.microsoft.com/?id=837243

Because these tools do not capture the actual network data, you still
want to use ethereal to look at network traffic.

Jean-Baptiste Marchand
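
An added example, not part of the original message: one way to join an overnight per-process connection log with packets from the capture, matching on protocol and endpoint pair and taking the newest log row before each packet. The CSV layout, addresses and process names are constructed assumptions, not the real output of TDIMon or Port Reporter.

```python
import csv
import io
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M:%S"

# Constructed sample log. The column layout is hypothetical, not the real
# output format of TDIMon or Port Reporter. Local port 1045 is reused.
CONN_LOG = """time,pid,process,proto,local,remote
2006-01-13 02:14:05,1432,updater.exe,TCP,192.168.1.10:1045,203.0.113.7:80
2006-01-13 02:14:09,880,svchost.exe,UDP,192.168.1.10:1046,192.168.1.1:53
2006-01-13 03:40:00,2210,backup.exe,TCP,192.168.1.10:1045,203.0.113.7:80
"""

# Constructed packet summaries: (time, proto, source, destination).
PACKETS = [
    ("2006-01-13 02:14:06", "TCP", "192.168.1.10:1045", "203.0.113.7:80"),
    ("2006-01-13 02:14:07", "TCP", "203.0.113.7:80", "192.168.1.10:1045"),
    ("2006-01-13 03:40:02", "TCP", "192.168.1.10:1045", "203.0.113.7:80"),
    ("2006-01-13 04:00:00", "TCP", "192.168.1.10:1099", "203.0.113.7:80"),
]

def load_conn_log(text):
    """Index log rows by protocol and unordered endpoint pair."""
    index = {}
    for row in csv.DictReader(io.StringIO(text)):
        key = (row["proto"], frozenset((row["local"], row["remote"])))
        seen = datetime.strptime(row["time"], FMT)
        index.setdefault(key, []).append((seen, int(row["pid"]), row["process"]))
    for entries in index.values():
        entries.sort()
    return index

def attribute(packet, index, max_age=timedelta(minutes=5), skew=timedelta(seconds=2)):
    """Return (pid, process) of the newest log row that fits the packet, else None."""
    ts, proto, src, dst = packet
    when = datetime.strptime(ts, FMT)
    best = None
    for seen, pid, name in index.get((proto, frozenset((src, dst))), []):
        # Row must not postdate the packet (beyond clock skew) and must be recent,
        # otherwise a reused ephemeral port is blamed on the wrong process.
        if seen <= when + skew and when - seen <= max_age:
            best = (pid, name)
    return best

if __name__ == "__main__":
    idx = load_conn_log(CONN_LOG)
    for pkt in PACKETS:
        print(pkt, "->", attribute(pkt, idx))
```

Packets on connections that outlive `max_age` come back unattributed; raise the window or log connection close events to cover them.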