Wireshark · Ethereal-users: [Ethereal-users] Discovering the process that generated a packet

[secjunky <secjunky@xxxxxxxxx>]

  Hello list, I've been looking for this for a while, but I can't seem to find anything. I would like to know if ethereal can tell me the actually process that sent the packet in question. Here's the scenario.
   I leave ethereal running overnight on all of my machines (slackware, winxp pro, winxp 64) to see what is talking to who. When I come back in the morning, as expected, my slack box was nice and tight-lipped. The XP pro w/ zone alarm was nice and quiet as well, but it was the XP64 that was the chatterbox. It turns out that my Steam account (from Valve software), would wake up in the middle of the night (after being closed) and talk to it's update server. This is actually my assumption, seeing as I cannot discern the process that sent the packet from the ethereal scan.

So this is my question, is there a way to configure ethereal to display the process that generated the packet in question? I know I could sit at the computer with TCPView or netstat running, but as I said, this is done overnight and I can't be at the computer all night (ie I need logging). I also know I could simply run the windows variant of the Linux command 'netstat -c' and compare times, but I think this would be tedious and a feature like this would be very useful in ethereal if it doesn't already exist.

I found this one the ethereal forum (http://www.ethereal.com/lists/ethereal-dev/200110/msg00129.html), but it is very old and is far beyond my menial coding experience. Does anyone have any suggestions or patches for ethereal that I could use? Thanks in advance