Correlate PIDs with network packets in Wireshark


By default, when you record a trace in Wireshark, you won’t find process IDs in it. And sometimes this information is necessary to investigate the problem you are facing. I ran into one such issue this week. I needed to locate a process on a Virtual Machine (local address 10.0.2.5) which was still using TLSv1 to connect to our load balancer. At first, I only recorded traces in Wireshark and filtered them (ssl.record.version == "TLS 1.0"):

[Figure: initial-tls1-trace]


Debug Recipes


This one will be short 🙂 While learning new things I write notes, collect help files and sample code. I use my Google Drive to store them. I recently decided that some of the folders may be worth publishing, and this is how the Debug Recipes repository was born. I have a plan to store in it:

I’m still working on better navigation (each section will have a README.md file), but for now the GitHub search and folder navigation are the only options. As you can imagine, it will always be a work in progress, but I hope that some recipes will prove useful to you. As always, comments and suggestions are welcome.