Re: Sniffer for Windows That Shows Process ID?
- From: "Will" <westes-usc@xxxxxxxxxxxxxx>
- Date: Wed, 10 Oct 2007 16:10:23 -0700
Netstat is not a *historical* trace of packets. It's totally unsuitable
as a sniffer replacement.
If your application is to associate a listening port with a process, netstat
is handy and I use it.
If your application is to ask the question "who sent out these packets at
3:07p today to a particular destination on a particular port", netstat is the
wrong tool. A sniffer is the right tool.
Moreover, if the packets are UDP, I seem to remember that netstat only shows
UDP listeners, not outgoing traffic. So even if I executed netstat at
precisely the right moment, I still wouldn't see outgoing UDP traffic of
interest.
--
Will
"MowGreen [MVP]" <mowgreen@xxxxxxxxxxxxx> wrote in message
news:ufragj4CIHA.1056@xxxxxxxxxxxxxxxxxxxxxxx
netstat for ports, not packets, though.
Displays protocol statistics and current TCP/IP network connections.
NETSTAT [-a] [-b] [-e] [-n] [-o] [-p proto] [-r] [-s] [-v] [interval]
-a Displays all connections and listening ports.
-b Displays the executable involved in creating each
connection or listening port. In some cases well-known executables host
multiple independent components, and in these cases the
sequence of components involved in creating the connection
or listening port is displayed. In this case the executable
name is in [] at the bottom, on top is the component it called,
and so forth until TCP/IP was reached. Note that this option
can be time-consuming and will fail unless you have sufficient
permissions.
-e Displays Ethernet statistics. This may be combined with
the -s option.
-n Displays addresses and port numbers in numerical form.
-o Displays the owning process ID associated with each
connection.
-p proto Shows connections for the protocol specified by proto;
proto may be any of: TCP, UDP, TCPv6, or UDPv6. If used with the -s
option to display per-protocol statistics, proto may be any of: IP, IPv6,
ICMP, ICMPv6, TCP, TCPv6, UDP, or UDPv6.
-r Displays the routing table.
-s Displays per-protocol statistics. By default, statistics
are shown for IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, and UDPv6; the -p
option may be used to specify a subset of the default.
-v When used in conjunction with -b, will display sequence of
components involved in creating the connection listening port for all
executables.
interval Redisplays selected statistics, pausing interval seconds
between each display. Press CTRL+C to stop redisplaying
statistics. If omitted, netstat will print the current
configuration information once.
MowGreen [MVP 2003-2008]
===============
*-343-* FDNY
Never Forgotten
===============
Will wrote:
Can someone recommend a sniffer for Windows that will show the process ID
and name of the process sending or receiving each packet shown in the
sniffer?
I normally use ethereal or wireshark and didn't see a straightforward way
to include this information.
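The reply above makes the point that netstat is a point-in-time snapshot of sockets, not a record of packets. As an added example (not code from anyone in this thread), the script below shows the closest a defender can get with netstat alone: it parses timestamped `netstat -ano` output into socket records and answers "which PID owned local port N at time T" from the most recent snapshot taken before T. The sample snapshots, their timestamps and the PIDs are constructed for the example, and the function names (`parse_netstat`, `build_timeline`, `owner_of`) are the example's own. A socket that is opened and closed between two snapshots is simply absent, which is exactly the gap the reply says only a sniffer with per-packet process attribution can fill.

```python
"""Attribute a local port to its owning PID from timestamped `netstat -ano`
snapshots. Added example with constructed sample data; not from the thread."""
import re
from collections import namedtuple
from datetime import datetime

Socket = namedtuple("Socket", "proto local_ip local_port foreign state pid")

# One pattern covers TCP lines (which carry a State column) and UDP lines
# (which have no State, so the group is optional). Header lines do not match.
LINE_RE = re.compile(
    r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:([A-Z_]+)\s+)?(\d+)\s*$"
)

# Constructed output of two `netstat -ano` runs a minute apart (example data).
SNAPSHOTS = [
    ("2007-10-10 15:06:00", """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1012
  TCP    [::]:135               [::]:0                 LISTENING       1012
  TCP    192.168.1.5:49152      10.0.0.7:443           ESTABLISHED     2244
  UDP    0.0.0.0:500            *:*                                    1340
"""),
    ("2007-10-10 15:07:00", """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1012
  TCP    [::]:135               [::]:0                 LISTENING       1012
  TCP    192.168.1.5:49153      10.0.0.9:80            ESTABLISHED     3388
  UDP    0.0.0.0:500            *:*                                    1340
  UDP    192.168.1.5:61234      *:*                                    3388
"""),
]


def split_endpoint(endpoint):
    """'192.168.1.5:49152' -> ('192.168.1.5', 49152); '[::]:135' -> ('::', 135)."""
    host, port = endpoint.rsplit(":", 1)
    return host.strip("[]"), int(port)


def parse_netstat(text):
    """Parse the text of one `netstat -ano` run into Socket records."""
    sockets = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # 'Active Connections', column header, blank lines
        proto, local, foreign, state, pid = m.groups()
        ip, port = split_endpoint(local)
        sockets.append(Socket(proto, ip, port, foreign, state, int(pid)))
    return sockets


def build_timeline(snapshots):
    """(timestamp_str, netstat_text) pairs -> list of (datetime, [Socket]) sorted by time."""
    timeline = [
        (datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), parse_netstat(text))
        for ts, text in snapshots
    ]
    return sorted(timeline, key=lambda item: item[0])


def owner_of(timeline, proto, local_port, at):
    """PID owning `proto` local port `local_port` in the last snapshot taken at or
    before `at`, or None. A socket that lived only between two snapshots is
    invisible here: that is the limitation of netstat as a sniffer substitute."""
    when = datetime.strptime(at, "%Y-%m-%d %H:%M:%S")
    covering = [socks for ts, socks in timeline if ts <= when]
    if not covering:
        return None
    for sock in covering[-1]:
        if sock.proto == proto and sock.local_port == local_port:
            return sock.pid
    return None


if __name__ == "__main__":
    tl = build_timeline(SNAPSHOTS)
    print("TCP 49152 at 15:06:30 ->", owner_of(tl, "TCP", 49152, "2007-10-10 15:06:30"))
    print("UDP 61234 at 15:06:30 ->", owner_of(tl, "UDP", 61234, "2007-10-10 15:06:30"))
    print("UDP 61234 at 15:07:05 ->", owner_of(tl, "UDP", 61234, "2007-10-10 15:07:05"))
```

Run in a loop against real `netstat -ano` output, this gives a coarse PID-to-port history that can be joined against a packet capture on local port and time; anything shorter than the polling interval, such as a single outgoing UDP datagram from an unbound socket, still falls through and returns None.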