Dear Wireshark Development Team, I hope this message finds you well.
I would like to suggest a feature enhancement for Wireshark that would greatly benefit malware analysts, forensic investigators, and application developers: the ability to filter and save captured traffic based on a specific process name or PID running on the host.

Currently, packet capture is interface-based, and while powerful, it lacks native visibility into which process is generating or receiving specific network traffic. Adding a feature to bind captured packets to the originating process would:

- Enable .pcap filtering or exporting per-process
- Allow targeted analysis of suspicious executables
- Improve correlation of traffic with endpoint behavior in live investigations

I realize this would involve integration with OS-specific APIs (e.g., GetExtendedTcpTable on Windows or /proc on Linux), but it would be a groundbreaking improvement for many use cases.

Thank you for your time, and for developing such an incredible tool for the networking and security community.

Best regards,
Ayub
Cybersecurity Analyst
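The Linux side of the process-to-packet correlation the request describes, as an added example that is not part of the email or of Wireshark's code: it parses the /proc/net/tcp socket table, resolves a captured packet's IPv4 endpoints to a socket inode, and walks /proc/<pid>/fd to find the owning PID. It assumes a Linux host, TCP over IPv4 only (UDP and IPv6 live in other /proc/net files), and enough privilege to read other processes' fd tables; demo() runs against a constructed stand-in for /proc so it works offline.

```python
import os
import socket
import struct
import tempfile
from pathlib import Path

def _decode_endpoint(field):
    # '0100007F:1F90' -> ('127.0.0.1', 8080); the kernel prints the raw in-memory
    # u32, so unpack with native byte order ('='), not network order ('!').
    ip_hex, port_hex = field.split(":")
    return socket.inet_ntoa(struct.pack("=I", int(ip_hex, 16))), int(port_hex, 16)

def _encode_endpoint(ip, port):
    # Inverse of _decode_endpoint; used only to build the constructed sample.
    return "%08X:%04X" % (struct.unpack("=I", socket.inet_aton(ip))[0], port)

def parse_proc_net_tcp(text):
    """Map ((local_ip, port), (remote_ip, port)) -> socket inode from /proc/net/tcp text."""
    table = {}
    for line in text.splitlines()[1:]:  # first line is the column header
        f = line.split()
        if len(f) >= 10:
            table[(_decode_endpoint(f[1]), _decode_endpoint(f[2]))] = int(f[9])
    return table

def inode_to_pid(inode, proc=Path("/proc")):
    """Return the PID whose fd table links to 'socket:[<inode>]', else None."""
    target = "socket:[%d]" % inode
    for pid_dir in proc.iterdir():
        if pid_dir.name.isdigit():
            try:
                for fd in (pid_dir / "fd").iterdir():
                    if os.readlink(fd) == target:
                        return int(pid_dir.name)
            except OSError:  # process exited, or fd table unreadable (needs privilege)
                pass
    return None

def pid_for_packet(src, sport, dst, dport, net_tcp_text, proc=Path("/proc")):
    """Resolve a captured TCP packet's endpoints to a PID, trying both directions."""
    table = parse_proc_net_tcp(net_tcp_text)
    for key in (((src, sport), (dst, dport)), ((dst, dport), (src, sport))):
        if key in table:
            return inode_to_pid(table[key], proc)
    return None

def demo():
    root = Path(tempfile.mkdtemp())  # constructed stand-in for /proc, not the live host
    (root / "4242" / "fd").mkdir(parents=True)
    os.symlink("socket:[12345]", root / "4242" / "fd" / "7")  # dangling link, as in /proc
    sample = ("  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode\n"
              "   0: %s %s 01 00000000:00000000 00:00000000 00000000  1000        0 12345 1 0 100 0 0 10 0\n"
              % (_encode_endpoint("10.0.0.5", 51234), _encode_endpoint("203.0.113.9", 443)))
    return pid_for_packet("203.0.113.9", 443, "10.0.0.5", 51234, sample, root)  # inbound packet
```

On a live host the same lookup has to be repeated per packet against a fresh read of /proc/net/tcp, since short-lived connections can close between capture and lookup; that race is one reason a capture-time binding inside the capture engine is preferable to after-the-fact correlation.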
_______________________________________________
Wireshark-dev mailing list -- wireshark-dev@wireshark.org
To unsubscribe send an email to wireshark-dev-le...@wireshark.org