Hi Ayub,

Have you seen ptcpdump on Github? https://github.com/mozillazg/ptcpdump

That project seems like it would meet your needs, at least on a *nix OS. It is not integrated into Wireshark, so you would need to separate your capture and analysis workflows for the time being. To help the dev team track the full feature request, you can go ahead and submit it on Gitlab: https://gitlab.com/wireshark/wireshark/-/issues

On Sat, May 24, 2025 at 8:45 AM SHAiDA <ayubarba...@gmail.com> wrote:
> Dear Wireshark Development Team,
>
> I hope this message finds you well.
>
> I would like to suggest a feature enhancement for Wireshark that would greatly benefit malware analysts, forensic investigators, and application developers: the ability to filter and save captured traffic based on a specific process name or PID running on the host.
>
> Currently, packet capture is interface-based, and while powerful, it lacks native visibility into which process is generating or receiving specific network traffic. Adding a feature to bind captured packets to the originating process would:
>
> Enable .pcap filtering or exporting per-process
>
> Allow targeted analysis of suspicious executables
>
> Improve correlation of traffic with endpoint behavior in live investigations
>
> I realize this would involve integration with OS-specific APIs (e.g., GetExtendedTcpTable on Windows or /proc on Linux), but it would be a groundbreaking improvement for many use cases.
>
> Thank you for your time, and for developing such an incredible tool for the networking and security community.
>
> Best regards,
> Ayub
> Cybersecurity Analyst
> _______________________________________________
> Wireshark-dev mailing list -- wireshark-dev@wireshark.org
> To unsubscribe send an email to wireshark-dev-le...@wireshark.org
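The Linux /proc approach the request mentions, as an added Python example that is not part of this thread, of Wireshark or of ptcpdump: it decodes /proc/net/tcp to map a connection 4-tuple to a socket inode, then finds the PID whose /proc/<pid>/fd holds that inode. The sample table, the fd link targets and the PIDs 1111/4242 are constructed; only live_fd_links touches a real /proc tree.

```python
import os
import re

# Constructed sample of /proc/net/tcp: addresses are host-order hex (little-endian bytes), ports hex.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 12345 1 0 100 0 0 10 0
   1: 0F02000A:C350 22D8B85D:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 67890 1 0 20 4 30 10 -1
"""
# Constructed readlink() targets of /proc/<pid>/fd/* for two hypothetical processes.
SAMPLE_FD_LINKS = {1111: ["/dev/null", "socket:[12345]"], 4242: ["pipe:[999]", "socket:[67890]"]}
SOCKET_LINK = re.compile(r"socket:\[(\d+)\]")

def decode_addr(hex_addr):
    """'0F02000A:C350' -> ('10.0.2.15', 50000); IP bytes are reversed on little-endian hosts."""
    ip_hex, port_hex = hex_addr.split(":")
    ip = ".".join(str(int(ip_hex[i:i + 2], 16)) for i in (6, 4, 2, 0))
    return ip, int(port_hex, 16)

def parse_proc_net_tcp(text):
    """Map (local_ip, local_port, remote_ip, remote_port) -> socket inode (column 10)."""
    table = {}
    for line in text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) >= 10:
            table[decode_addr(fields[1]) + decode_addr(fields[2])] = int(fields[9])
    return table

def inode_owners(fd_links):
    """{pid: [fd link targets]} -> {socket inode: pid}."""
    return {int(m.group(1)): pid for pid, links in fd_links.items()
            for m in map(SOCKET_LINK.match, links) if m}

def live_fd_links(proc="/proc"):
    """Collect fd link targets from a real /proc tree (other users' fds need root)."""
    links = {}
    for pid in filter(str.isdigit, os.listdir(proc)):
        fd_dir = os.path.join(proc, pid, "fd")
        try:
            links[int(pid)] = [os.readlink(os.path.join(fd_dir, fd)) for fd in os.listdir(fd_dir)]
        except OSError:
            pass  # process exited or permission denied: skip it
    return links

def pid_for_packet(src_ip, src_port, dst_ip, dst_port, table, owners):
    """Resolve a captured packet's 4-tuple to the local PID, checking both traffic directions."""
    for key in ((src_ip, src_port, dst_ip, dst_port), (dst_ip, dst_port, src_ip, src_port)):
        inode = table.get(key)
        if inode in owners:
            return owners[inode]
    return None

if __name__ == "__main__":
    table, owners = parse_proc_net_tcp(SAMPLE_PROC_NET_TCP), inode_owners(SAMPLE_FD_LINKS)
    print(pid_for_packet("93.184.216.34", 443, "10.0.2.15", 50000, table, owners))  # 4242
```

A /proc snapshot only sees sockets that exist at the moment it is read, so short-lived connections and non-TCP traffic need /proc/net/udp and friends or, as ptcpdump does, an eBPF hook that records the process at the time of the socket activity.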