Wireshark-bugs: [Wireshark-bugs] [Bug 1184] New: Linux Enhancement to /proc
Date: Thu, 26 Oct 2006 15:35:11 +0000 (GMT)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1184

           Summary: Linux Enhancement to /proc
           Product: Wireshark
           Version: unspecified
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: Major
          Priority: Low
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: jeremiah.jahn@xxxxxxxxx


Build Information:
wireshark 0.99.3a

Copyright 1998-2006 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.8.20, with GLib 2.10.2, with libpcap 0.9.4,
with libz 1.2.3, with libpcre 6.3, with Net-SNMP 5.3, without ADNS, without
Lua.
Running with libpcap version 0.9.4 on Linux 2.6.17-1.2157_FC5smp.

--
This will probably get shot down, but I'd like to suggest the following
enhancement for Linux systems.

I think it is possible to associate a packet with a currently running process on
the system. If the system is acting as a router, this can't be done, but on an
end machine, it would be great to see where a particular packet or stream of
packets was coming from or going to. Every once in a while I will notice a set
of UDP packets or ICMP that I have no idea where they come from, i.e. what
currently running process on my system is generating them or receiving them. In
order to find out, I have to associate a packet with a socket, and the socket with a process
that has the lock on that socket. This can be a great way to find malware, or
just things that I have started that do more than I expected.

Anyway, just a thought.
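The packet-to-socket-to-process lookup the report asks for can be done on Linux from userspace today: /proc/net/udp and /proc/net/tcp map each local address:port to a socket inode, and the /proc/<pid>/fd/ symlinks (targets like socket:[inode]) map that inode back to a pid. The following is an added example, not code from the bug report or from Wireshark; the function names are mine, the sample /proc/net/udp text and fd list are constructed, and the address decoding assumes the x86-style little-endian layout of those files.

```python
import os, re, socket, struct, sys

def parse_proc_net(text, byteorder=sys.byteorder):
    """Parse /proc/net/udp (or /proc/net/tcp) into {(local_ip, local_port): inode}."""
    # The kernel prints each IPv4 address as a host-order hex u32: 127.0.0.1 -> 0100007F on LE.
    fmt = "<L" if byteorder == "little" else ">L"
    table = {}
    for line in text.splitlines()[1:]:                   # line 0 is the column header
        fields = line.split()
        if len(fields) >= 10:
            hex_ip, hex_port = fields[1].split(":")
            ip = socket.inet_ntoa(struct.pack(fmt, int(hex_ip, 16)))
            table[(ip, int(hex_port, 16))] = int(fields[9])  # column 9 is the inode
    return table

def inode_owners(fd_links):
    """Invert (pid, readlink target of /proc/<pid>/fd/<n>) pairs into {inode: pid}."""
    owners = {}
    for pid, target in fd_links:
        m = re.match(r"socket:\[(\d+)\]$", target)         # e.g. "socket:[23456]"
        if m:
            owners[int(m.group(1))] = pid
    return owners

def read_fd_links(proc="/proc"):
    """Yield (pid, target) for every fd symlink we may read; other users' pids need root."""
    for entry in os.listdir(proc):
        if entry.isdigit():
            fd_dir = os.path.join(proc, entry, "fd")
            try:
                for fd in os.listdir(fd_dir):
                    yield int(entry), os.readlink(os.path.join(fd_dir, fd))
            except OSError:                               # no permission, or pid exited
                continue

def owner_of(local_ip, local_port, proc_net_text, fd_links, byteorder=sys.byteorder):
    """Pid owning the socket bound to (local_ip, local_port), or None. A 0.0.0.0
    bind also matches; inode 0 (e.g. TCP TIME_WAIT) has no owning fd to attribute."""
    sockets = parse_proc_net(proc_net_text, byteorder)
    inode = sockets.get((local_ip, local_port)) or sockets.get(("0.0.0.0", local_port))
    return inode_owners(fd_links).get(inode) if inode else None

# Constructed sample (not captured from a real host): a DNS socket on loopback
# owned by pid 4242 and a wildcard UDP/8080 socket owned by pid 777.
SAMPLE_UDP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
   0: 0100007F:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000   101        0 23456 2 0000000000000000 0
   1: 00000000:1F90 00000000:0000 07 00000000:00000000 00:00000000 00000000  1000        0 30001 2 0000000000000000 0
"""
SAMPLE_FDS = [(4242, "/dev/null"), (4242, "socket:[23456]"), (777, "socket:[30001]")]
```

On a live host call owner_of(ip, port, open("/proc/net/udp").read(), read_fd_links()) as root, so that every process's fd directory is readable. A None result means the local endpoint is not bound by any process you can see, which for short-lived sockets is a timing race between the capture and the /proc snapshot.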

