How to tell wireshark to only watch outgoing traffic from a specific program?

D

DVoropaev2018-12-23 20:05:10

linux

DVoropaev, 2018-12-23 20:05:10

I run the program in WindowsXP on a virtualbox, which is on Debian. I'm running shark in debian. How to listen only to the traffic that my program generates?

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

A

Artem @Jump, 2018-12-24
@DVoropaev

No, if you don’t know exactly what kind of traffic it generates and on which ports.
How will wireshark distinguish it from other traffic?
Listen to the whole thing, and only then figure out who generated it.
Or ensure that only the traffic of the desired program comes from the interface, cut the rest with a firewall.

A

Andrey, 2018-12-23
@Andrusha

Not in the current version.
1. There is a very old version with PID Filter
2. You can filter by ports if you know which ones are used.
3. You can use another tool, such as Microsoft Network Monitor .

C

CityCat4, 2018-12-24
@CityCat4

No way.
Only filter by port if a non-standard port is used. Or look for headers in the stream if it's something generic like 80/443