Ethereal-users: Re: [Ethereal-users] Discovering the process that generated a packet

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Martin Regner" <martin.regner@xxxxxxxxx>
Date: Fri, 13 Jan 2006 19:21:28 +0100
Guy Harris wrote:
> Andrew Hood wrote:
> > Keith French wrote:
> >> If you issue a
> >>
> >> netstat -o
> >
> > In the version I have (net-tools 1.60 - netstat 1.42) it is "netstat -p"
>
> In the version I tried, it was built into the OS, not part of an add-on
> package.
>
> You *were* running this on Windows, right? :-)
>
> I.e., as per my earlier mail, finding out what process has a given
> socket open is platform-dependent.  The "netstat" in Windows XP uses
> "-o", presumably; I guess it's "-p" in some Linux package, and the OS X
> (and possibly at least some other BSD) "netstat" doesn't seem to have
> any option for that.
>

In Windows XP SP2 it might be more useful to use the -b option than the -o option.
It will list not just the pid, but maybe also the exe/dll filenames (might be good to combine with the -v option), e.g. you could try:

netstat -anvb
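
Added example, not part of the original thread: one way to match the addresses and ports of a captured packet against Windows "netstat -ano" output to get the owning PID. The sample output is constructed, and the function names are hypothetical.

```python
# Added example: map a captured packet's endpoints to the owning PID using
# Windows "netstat -ano" output. SAMPLE is constructed, not real output.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    192.168.1.10:1042      203.0.113.5:80         ESTABLISHED     2140
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:500            *:*                                    684
"""

WILDCARD = {"0.0.0.0", "::", "*"}  # unbound / any-address markers

def split_endpoint(text):
    """Split 'addr:port' (IPv6 in brackets) into (addr, port) strings."""
    addr, _, port = text.rpartition(":")
    return addr.strip("[]"), port

def parse_netstat(output):
    """Return one dict per socket row; UDP rows have no State column."""
    sockets = []
    for line in output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] not in ("TCP", "UDP") \
                or not fields[-1].isdigit():
            continue  # banner, column header, blank or malformed line
        sockets.append({
            "proto": fields[0],
            "local": split_endpoint(fields[1]),
            "remote": split_endpoint(fields[2]),
            "state": fields[3] if len(fields) == 5 else "",
            "pid": int(fields[-1]),
        })
    return sockets

def find_pid(sockets, proto, local, remote):
    """Exact connection match first, else a wildcard-bound socket on that port."""
    fallback = None
    for s in sockets:
        if s["proto"] != proto:
            continue
        if s["local"] == local and s["remote"] == remote:
            return s["pid"]
        unbound = s["local"][0] in WILDCARD and s["remote"][0] in WILDCARD
        if unbound and s["local"][1] == local[1]:
            fallback = s["pid"]
    return fallback
```

The netstat listing is a snapshot, so it has to be taken while the connection seen in the capture still exists; a short-lived socket may already be gone.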