Process Attribution In Network Traffic


PAINT is a software product that captures network packets and attributes each one to its originating and receiving Process IDs (PIDs) and process names on Windows systems in real time. It is a Windows console application that optionally integrates with Wireshark for ease of use. PAINT consumes Event Tracing for Windows (ETW) events, available on Windows 7 and later, capturing TCPIP-layer and NDIS-layer events and correlating them so that each TCP/UDP/IP packet is matched to the originating and target executable in real time.
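As an added illustration of the correlation described above (example code, not PAINT's own), the Python below replays a constructed, time-ordered stream of ETW-style socket events and captured packets and attributes each packet to a PID and image name, including the two cases a live tool has to get right: a packet seen after the socket has closed (no owner) and UDP, where only the bound local socket is known. Event names and field names are assumptions for the example, not the real Microsoft-Windows-TCPIP payload layout.

```python
class FlowTable:
    def __init__(self) -> None:
        self.tcp, self.udp = {}, {}  # keyed by (lip, lport, rip, rport) / (lip, lport)

    def on_event(self, ev: dict) -> None:
        owner = (ev["pid"], ev["image"])
        if ev["proto"] == "udp":  # connectionless: only the bound local socket is known
            table, key = self.udp, (ev["laddr"], ev["lport"])
        else:
            table, key = self.tcp, (ev["laddr"], ev["lport"], ev["raddr"], ev["rport"])
        if ev["event"] in ("connect", "accept", "bind"):  # connect=originator, accept=receiver
            table[key] = owner
        else:  # close: later packets on this tuple must not inherit the old owner
            table.pop(key, None)

    def lookup(self, pkt: dict):
        """Try the packet as outbound (src is the local socket), then as inbound."""
        for direction, lip, lport, rip, rport in (("out", pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"]),
                                                  ("in", pkt["dst"], pkt["dport"], pkt["src"], pkt["sport"])):
            if pkt["proto"] == "tcp":
                owner = self.tcp.get((lip, lport, rip, rport))
            else:  # a 0.0.0.0 bind owns that port on every local address
                owner = self.udp.get((lip, lport)) or self.udp.get(("0.0.0.0", lport))
            if owner:
                return {"pid": owner[0], "image": owner[1], "direction": direction}
        return None

def attribute(stream: list) -> list:
    """Replay a time-ordered, interleaved stream of ETW events and captured packets."""
    table, results = FlowTable(), []
    for rec in sorted(stream, key=lambda r: r["ts"]):
        if rec["kind"] == "etw":
            table.on_event(rec)
        else:
            results.append(table.lookup(rec))
    return results

# Constructed sample; event and field names are assumptions, not real ETW payload names.
CONN = {"pid": 4120, "image": "browser.exe", "proto": "tcp",
        "laddr": "10.0.0.5", "lport": 51234, "raddr": "203.0.113.7", "rport": 443}
SAMPLE_STREAM = [
    {"ts": 1, "kind": "etw", "event": "connect", **CONN},
    {"ts": 2, "kind": "pkt", "proto": "tcp", "src": "10.0.0.5", "sport": 51234, "dst": "203.0.113.7", "dport": 443},
    {"ts": 3, "kind": "pkt", "proto": "tcp", "src": "203.0.113.7", "sport": 443, "dst": "10.0.0.5", "dport": 51234},
    {"ts": 4, "kind": "etw", "event": "bind", "pid": 980, "image": "svchost.exe", "proto": "udp", "laddr": "0.0.0.0", "lport": 5353},
    {"ts": 5, "kind": "pkt", "proto": "udp", "src": "10.0.0.5", "sport": 5353, "dst": "224.0.0.251", "dport": 5353},
    {"ts": 6, "kind": "etw", "event": "close", **CONN},
    {"ts": 7, "kind": "pkt", "proto": "tcp", "src": "10.0.0.5", "sport": 51234, "dst": "203.0.113.7", "dport": 443},
]
```

Running `attribute(SAMPLE_STREAM)` attributes the first two packets to PID 4120 (outbound, then inbound), the multicast DNS packet to PID 980 via the wildcard bind, and leaves the packet after the close unattributed.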

