Wireshark-bugs: [Wireshark-bugs] [Bug 1184] *Shark should support associating TCP and UDP packet
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1184
Guy Harris <guy@xxxxxxxxxxxx> changed:
What |Removed |Added
----------------------------------------------------------------------------
Platform|x86 |All
Summary|Linux Enhancement to /proc |*Shark should support
| |associating TCP and UDP
| |packets with processes
OS/Version|Linux (other) |All
--- Comment #2 from Guy Harris <guy@xxxxxxxxxxxx> 2011-12-08 12:03:00 PST ---
This shouldn't be specified as a Linux-specific feature; the problem isn't
"*shark isn't using /proc to associate packets with processes", the problem is
"*shark isn't, on OSes that provide a way for applications to ask what local
processes are using endpoint {address}:{port}:{transport protocol} locally or
remotely, using that mechanism to attempt to indicate which process or
processes sent or received particular packets". (Note that multiple processes
can share a file descriptor and can thus share an endpoint.)
Network Monitor does this on Windows, and the mechanism isn't secret; Mac OS X
and, I think, at least some other BSD-flavored OSes provide a way to do that as
well.
We'd probably want to add a new block type to pcap-ng to save
process-to-endpoint mappings in the capture file.
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are watching all bug changes.