Filter by process/PID in Wireshark
Answer 1
Just in case you are looking for an alternate way and the environment you use is Windows, Microsoft's Network Monitor 3.3 is a good choice. It has the process name column. You can easily add it to a filter using the context menu and apply the filter. As usual, the GUI is very intuitive...
Comments
Microsoft Network Monitor 3.4 is at microsoft.com/en-us/download/details.aspx?id=4865
– g t
Sep 19, 2013 at 12:25
There's also Microsoft Message Analyzer which is basically Microsoft's version of Wireshark (and the successor to Network Monitor as I understand), but a little better integrated. In the column chooser, under 'Etw'->'EtwProviderMsg' there's a column for 'PID'. It works well!
– Cameron
Mar 20, 2015 at 18:35
Answer 2
You could match the port numbers from Wireshark up to port numbers from, say, netstat, which will tell you the PID of a process listening on that port.
Answer 3
Get the port number using netstat:
netstat -b
And then use the Wireshark filter:
tcp.port == portnumber
[AE1.exe]
TCP 172.31.211.108:59570 172.22.33.4:8080 ESTABLISHED
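
The port-matching approach from Answers 2 and 3, automated as an added example (not code from any of the answers): it parses `netstat -ano` output, which puts the owning PID in the last column, and builds a Wireshark display filter from that process's local ports. The function names, the PIDs and all sample rows except the connection quoted above are constructed for illustration.

```python
import re

# Constructed sample of `netstat -ano` output. PIDs and the extra rows are
# made up; the first TCP row reuses the connection quoted in Answer 3.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    172.31.211.108:59570   172.22.33.4:8080       ESTABLISHED     4321
  TCP    172.31.211.108:59571   172.22.33.4:8080       TIME_WAIT       0
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       888
  TCP    [::1]:49700            [::1]:49701            ESTABLISHED     4321
  UDP    0.0.0.0:5353           *:*                                    4321
"""

# Proto, local endpoint, foreign endpoint, optional state (UDP has none), PID.
ROW = re.compile(
    r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:([A-Z][A-Z_0-9]*)\s+)?(\d+)\s*$"
)


def local_ports(netstat_text, pid):
    """Return {'tcp': set, 'udp': set} of local ports owned by pid."""
    ports = {"tcp": set(), "udp": set()}
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m or int(m.group(5)) != pid:
            continue
        # rpartition copes with both 1.2.3.4:80 and [::1]:80
        port = m.group(2).rpartition(":")[2]
        ports[m.group(1).lower()].add(int(port))
    return ports


def display_filter(netstat_text, pid):
    """Build a Wireshark display filter matching the process's local ports."""
    ports = local_ports(netstat_text, pid)
    terms = [f"{proto}.port == {p}"
             for proto in ("tcp", "udp") for p in sorted(ports[proto])]
    return " || ".join(terms)


if __name__ == "__main__":
    # tcp.port == 49700 || tcp.port == 59570 || udp.port == 5353
    print(display_filter(SAMPLE, 4321))
```

The netstat listing is a point-in-time snapshot, so ports the process opens afterwards are not in the filter, and an ephemeral port can later be reused by a different process.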