Use Wireshark to automatically capture packets on all ports used by a Windows process

edwinbmiller used Ask the Experts™
Right now I use Process Explorer to find the ports used by the process,
then set up a capture filter in Wireshark. Is there a way, via scripting or a Wireshark add-on,
to automate this process?
Have you compared the caps of total traffic to/from the computer's IP address with caps of just the specific ports' traffic to see how much savings that really gives you?
It might be faster and easier to capture everything, then filter it down to just what you want using Ethereal afterwards.

How are you ensuring the process doesn't change ports after you've set up your filters, by the way?

Microsoft Network Monitor has this ability, but the resulting file can't currently be opened in Wireshark.

Use this filter while capturing:


Your syntax is wrong, I see.

udp.proc.srccmd        String        Source process name        1.2.0 to 1.2.1
tcp.proc.srccmd        String        Source process name        1.2.0 to 1.2.1

And you must have a very recent cut of Wireshark for these display variables
to be valid.
You asked for a capture filter.

tcp.proc.srccmd and udp.proc.srccmd are display filters, not capture filters.

The filter I said is for Network Monitor.


Sorry about the confusion.
I still say it's better to capture everything local and filter during replay. Lots of programs change their ports dynamically.
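The following PowerShell script is an added example, not code from the question or from any of the answers above. It automates the manual steps the asker describes (look up the process's ports, then build a Wireshark capture filter) and also offers the capture-everything mode the last answer recommends, producing the matching display filter for use at replay. It assumes Windows 8 / Server 2012 or later (for Get-NetTCPConnection and Get-NetUDPEndpoint), tshark.exe on PATH, and an elevated prompt so that owning-process IDs are visible; the process name, interface index and output path are placeholders chosen here, not values from the thread.

```powershell
<#
  Added example; not part of the original thread.
  Assumptions: NetTCPIP cmdlets (Get-NetTCPConnection / Get-NetUDPEndpoint),
  tshark.exe on PATH, elevated prompt. Defaults below are placeholders.
#>
param(
    [string]$ProcessName = "notepad",                       # placeholder, name without .exe
    [int]$Interface      = 1,                               # index from `tshark -D`
    [string]$OutFile     = "$env:TEMP\$ProcessName.pcapng", # placeholder output path
    [switch]$CaptureAll                                     # record everything, filter at replay
)

# Collect the local TCP and UDP ports currently owned by every instance of the process.
function Get-ProcessPorts {
    param([Parameter(Mandatory)][string]$Name)
    $procIds = @(Get-Process -Name $Name -ErrorAction Stop | Select-Object -ExpandProperty Id)
    $tcp = @(Get-NetTCPConnection -OwningProcess $procIds -ErrorAction SilentlyContinue |
             Select-Object -ExpandProperty LocalPort | Sort-Object -Unique)
    $udp = @(Get-NetUDPEndpoint  -OwningProcess $procIds -ErrorAction SilentlyContinue |
             Select-Object -ExpandProperty LocalPort | Sort-Object -Unique)
    return [pscustomobject]@{ Tcp = $tcp; Udp = $udp }
}

# Build a libpcap capture filter (the -f syntax used by tshark/Wireshark) from the port lists.
# "tcp port N" matches N as either source or destination, which is what we want for local ports.
function New-CaptureFilter {
    param([int[]]$Tcp, [int[]]$Udp)
    $terms = [System.Collections.Generic.List[string]]::new()
    foreach ($p in $Tcp) { $terms.Add("tcp port $p") }
    foreach ($p in $Udp) { $terms.Add("udp port $p") }
    if ($terms.Count -eq 0) { return $null }
    return ($terms -join " or ")
}

# Build the equivalent Wireshark display filter (-Y syntax) for narrowing a full capture later.
function New-DisplayFilter {
    param([int[]]$Tcp, [int[]]$Udp)
    $terms = [System.Collections.Generic.List[string]]::new()
    if ($Tcp.Count -gt 0) { $terms.Add("tcp.port in {" + ($Tcp -join " ") + "}") }
    if ($Udp.Count -gt 0) { $terms.Add("udp.port in {" + ($Udp -join " ") + "}") }
    if ($terms.Count -eq 0) { return $null }
    return ($terms -join " or ")
}

$ports   = Get-ProcessPorts -Name $ProcessName
$capture = New-CaptureFilter -Tcp $ports.Tcp -Udp $ports.Udp
$display = New-DisplayFilter -Tcp $ports.Tcp -Udp $ports.Udp

if (-not $capture) {
    Write-Warning "$ProcessName owns no TCP/UDP endpoints right now; nothing to filter on."
    return
}
Write-Host "Capture filter: $capture"
Write-Host "Display filter: $display"

if ($CaptureAll) {
    # Safer when the process changes ports: record all traffic, then narrow it at replay.
    & tshark -i $Interface -w $OutFile
    Write-Host "Replay with: tshark -r `"$OutFile`" -Y `"$display`""
} else {
    # Narrow capture: only the ports open at start-up; ports the process opens later are missed.
    & tshark -i $Interface -f $capture -w $OutFile
}
```

The capture filter is a snapshot of the ports the process holds when the script starts, which is exactly the weakness the answers point out; the -CaptureAll switch sidesteps it by recording everything and printing the display filter to apply afterwards. Rerunning Get-ProcessPorts after the capture and diffing the two port lists is a quick way to see whether the process actually moved ports during the session.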
