Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Tuesday, September 30, 2014 3:30 AM | 2 votes
Hi, is there a way of filtering the messages by ProcessName, i.e.: I'd like to see only traffic from IEXPLORE.EXE (I am using the Microsoft.Windows.NDIS-PacketCapture).
Thanks
All replies (2)
Wednesday, October 1, 2014 4:18 PM âś…Answered
We don't yet have a way to show messages by ProcessName. We can order them by ProcessID (using the Network Conversation with Process ID view layout), which you can then use TaskMan to associate to the proper Process ID.
Also, if you capture using NetSh, you also get a list of processes running at the time which you can use to manually associate the process name. To do this add columns for ImageFileName and ProcessId from the Windows_Kernel_Tracing module in Column Chooser.
Paul
Tuesday, February 10, 2015 8:52 PM | 4 votes
We don't yet have a way to show messages by ProcessName. We can order them by ProcessID (using the Network Conversation with Process ID view layout), which you can then use TaskMan to associate to the proper Process ID.
Come on guys. Getting a process name given a process id is trivial. Why make us look it up? This is one reason I still use good ol' NetMon.