Hi guys, there are a couple of issues opened, such as #1184 ( https://gitlab.com/wireshark/wireshark/-/issues/1184 )
Feel free to upvote or suggest ideas of implementation.

Regards,
E.A.

On Sat, May 24, 2025 at 17:54, Josh Clark <j...@je-clark.com> wrote:
>
> Hi Ayub,
>
> Have you seen ptcpdump on Github? https://github.com/mozillazg/ptcpdump
>
> That project seems like it would meet your needs, at least on a *nix OS. It
> is not integrated into Wireshark, so you would need to separate your capture
> and analysis workflows for the time being.
>
> To help the dev team track the full feature request, you can go ahead and
> submit it on Gitlab: https://gitlab.com/wireshark/wireshark/-/issues
>
>
> On Sat, May 24, 2025 at 8:45 AM SHAiDA <ayubarba...@gmail.com> wrote:
>>
>> Dear Wireshark Development Team,
>>
>> I hope this message finds you well.
>>
>> I would like to suggest a feature enhancement for Wireshark that would
>> greatly benefit malware analysts, forensic investigators, and application
>> developers: the ability to filter and save captured traffic based on a
>> specific process name or PID running on the host.
>>
>> Currently, packet capture is interface-based, and while powerful, it lacks
>> native visibility into which process is generating or receiving specific
>> network traffic. Adding a feature to bind captured packets to the
>> originating process would:
>>
>> Enable .pcap filtering or exporting per-process
>>
>> Allow targeted analysis of suspicious executables
>>
>> Improve correlation of traffic with endpoint behavior in live investigations
>>
>>
>> I realize this would involve integration with OS-specific APIs (e.g.,
>> GetExtendedTcpTable on Windows or /proc on Linux), but it would be a
>> groundbreaking improvement for many use cases.
>>
>> Thank you for your time, and for developing such an incredible tool for the
>> networking and security community.
>>
>> Best regards,
>> Ayub
>> Cybersecurity Analyst
>> _______________________________________________
>> Wireshark-dev mailing list -- wireshark-dev@wireshark.org
>> To unsubscribe send an email to wireshark-dev-le...@wireshark.org