lovesuper, 2013-07-05 07:55:43
linux

Please tell me an application that can view TCP packets of a specific process

I've been thinking about this for a long time, but now I decided to ask a question. In short, you need a utility that can monitor the traffic driven by some process in the system. Preferably under Linux (but you can also get acquainted with the windows version).


7 answer(s)
Alexey Zhurbitsky, 2013-07-05
@blo

The first option is to find the ports and protocols used by the process, and then point wireshark/tcpdump at them.
View process ports:

sudo netstat -pan | grep <PID>

The second option is to use strace:

strace -p <PID> -f -e trace=network -s 10000
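
The first option above (map the PID to its sockets, then filter the capture on them), as an added example that is not part of the original answers. It assumes Linux, IPv4 TCP and a little-endian host; the function names and the sample table are constructed for illustration.

```python
import os, re, socket, struct, sys

# Constructed /proc/net/tcp excerpt (little-endian layout); the inode is the 10th field.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 41001 1 0000000000000000 100 0 0 10 0
   1: 0A0200C0:C350 076433C6:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 41002 1 0000000000000000 20 4 30 10 -1
   2: 0A0200C0:C351 076433C6:0035 01 00000000:00000000 00:00000000 00000000     0        0 52000 1 0000000000000000 20 4 30 10 -1
"""

def socket_inodes(pid):
    """Inodes of every socket the process holds open (root is needed for other users' PIDs)."""
    inodes, fd_dir = set(), f"/proc/{pid}/fd"
    for fd in os.listdir(fd_dir):
        try:
            m = re.fullmatch(r"socket:\[(\d+)\]", os.readlink(os.path.join(fd_dir, fd)))
        except OSError:          # fd was closed while we were iterating
            continue
        if m:
            inodes.add(m.group(1))
    return inodes

def endpoint(field):
    """Decode 'HEXADDR:HEXPORT' as the kernel prints it on a little-endian host."""
    addr, port = field.split(":")
    return socket.inet_ntoa(struct.pack("<I", int(addr, 16))), int(port, 16)

def tcp_sockets(table, inodes):
    """Rows of a /proc/net/tcp table whose socket inode belongs to the process."""
    rows = []
    for line in table.splitlines()[1:]:
        f = line.split()
        if len(f) > 9 and f[9] in inodes:
            rows.append((endpoint(f[1]), endpoint(f[2]), f[3]))
    return rows

def bpf_filter(rows):
    """Capture filter for tcpdump/wireshark: listeners by port, connections by peer and ports."""
    terms = []
    for (lip, lport), (rip, rport), state in rows:
        if state == "0A":        # TCP_LISTEN
            terms.append(f"port {lport}")
        else:
            terms.append(f"(host {rip} and port {lport} and port {rport})")
    return "tcp and (" + " or ".join(terms) + ")" if terms else ""

if __name__ == "__main__" and len(sys.argv) == 2:
    with open("/proc/net/tcp") as fh:
        print(bpf_filter(tcp_sockets(fh.read(), socket_inodes(sys.argv[1]))))
```

Run with a PID as the only argument, the printed expression can be passed to tcpdump as its filter. It is a snapshot of the sockets open at that moment, so connections the process opens afterwards are not covered.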

LuckyStarr, 2013-07-05
@LuckyStarr

For Windows there is Microsoft Network Monitor.
Here is an example of usage.

theli, 2013-07-05
@theli

Can it be like this

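# Mark connections opened by processes running with group "nflog" (the group must already exist)
iptables -A OUTPUT -m owner --gid-owner nflog -j CONNMARK --set-mark 1
# Copy every packet of a marked connection, in both directions, to NFLOG group 30
iptables -A INPUT -m connmark --mark 1 -j NFLOG --nflog-group 30
iptables -A OUTPUT -m connmark --mark 1 -j NFLOG --nflog-group 30
# Run the application with group nflog
sudo -g nflog /usr/bin/application
# Capture NFLOG group 30 (from a second terminal, since the application runs in the foreground)
dumpcap -i nflog:30 -w uid-1000.pcap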

shsweb, 2013-07-05
@shsweb

For Windows, there is Local Network Monitor. There you can select a process by PID or process name.

Sergey, 2013-07-05
@Templier

wireshark?

vreitech, 2013-07-05
@fzfx

It is possible that I am wrong.
However, as far as I remember, iptables has at least:
- a module that allows you to track the application that is the source of a local packet;
- a module that allows you to mark packets (not by adding information to the packets, but only in RAM) according to some arbitrary criterion.
With manuals, I'm afraid I cannot help.

Igor, 2013-07-05
@shanker

Preferably under Linux (but you can also get acquainted with the windows version).

What is the reason for such a wide spread in OS? Because this task in these systems is solved in different ways.
