Wireshark · Wireshark-users: Re: [Wireshark-users] Tons of ARP packets...?

[Guy Harris <guy@xxxxxxxxxxxx>]

On Jul 13, 2007, at 5:19 PM, Guy Harris wrote:

> (Its output resembles that of netstat, probably intentionally.  I  
> don't know whether any UN*Xes have tools such as that, i.e. either a  
> command-line or graphical netstat-plus-process-name - probably some  
> do.)

A Linux netstat man page at

	http://linux.die.net/man/8/netstat

indicates that there's a "--process" flag that shows the process ID  
and process name (probably the first N characters of the last  
component of the executable name, or something such as that) of the  
process that owns the socket; you have to be super-user to get that  
for processes not your own.

lsof might also be able to get some information of that sort on some  
UN*Xes.