Capture traffic for specific application
Solution 1
It is possible to capture all network traffic for a given application by intercepting Windows Sockets API calls. These are tools that may help.
Proxocket, written by Luigi Auriemma. It intercepts API calls and saves captured traffic as a Wireshark-ready .cap file in tcpdump format. Nothing is more explanatory than an image provided by Luigi himself:
NirSoft has the SocketSniff application, which allows one to capture the traffic of a specific process. A picture is worth a thousand words as well:
Sadly, the mentioned tools would likely not support 64-bit applications. However, it is possible to write a custom interceptor using the mhook library, which supports both 32-bit and 64-bit APIs.
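As an added example (not Proxocket's, SocketSniff's or mhook's own code), here is the file-writing half of such an interceptor: a hook on send()/recv() sees only the application payload, so this portable C wraps each buffer in a synthetic IPv4/UDP header and appends it to a pcap file in tcpdump format that Wireshark opens directly. The addresses, ports and payloads are constructed, and installing the hooks themselves (with mhook on Windows) is not shown.

```c
/* Added example (not Proxocket's, SocketSniff's or mhook's code): the file-writing
 * half of a Winsock interceptor.  A hook on send()/recv() sees only the payload, so
 * each buffer is wrapped in a synthetic IPv4/UDP header and written as a pcap record. */
#include <stdint.h>
#include <stdio.h>
#include <time.h>

/* RFC 1071 one's-complement checksum; the header's checksum field must be zero. */
uint16_t ipv4_checksum(const uint8_t *hdr, size_t len) {
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2) sum += (uint32_t)(hdr[i] << 8 | hdr[i + 1]);
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

static void w32(FILE *f, uint32_t v) { fwrite(&v, 4, 1, f); }  /* pcap fields: host order */
static void w16(FILE *f, uint16_t v) { fwrite(&v, 2, 1, f); }
static void be16(uint8_t *p, uint16_t v) { p[0] = v >> 8; p[1] = v & 0xff; }  /* network order */
static void be32(uint8_t *p, uint32_t v) { be16(p, v >> 16); be16(p + 2, v & 0xffff); }

/* pcap global header: magic 0xa1b2c3d4, version 2.4, no tz offset, snaplen 65535, LINKTYPE_IPV4 (228). */
void pcap_write_global_header(FILE *f) {
    w32(f, 0xa1b2c3d4); w16(f, 2); w16(f, 4);
    w32(f, 0); w32(f, 0); w32(f, 65535); w32(f, 228);
}

/* Emit one buffer as an IPv4/UDP packet record; returns the on-wire packet length. */
uint32_t pcap_write_udp(FILE *f, uint32_t src, uint16_t sport, uint32_t dst, uint16_t dport,
                        const uint8_t *data, uint16_t len) {
    uint8_t hdr[28] = {0x45, 0, 0, 0, 0, 0, 0x40, 0, 64, 17};  /* IPv4, DF, TTL 64, proto UDP */
    uint32_t total = 28 + len;
    be16(hdr + 2, (uint16_t)total); be32(hdr + 12, src); be32(hdr + 16, dst);
    be16(hdr + 10, ipv4_checksum(hdr, 20));
    be16(hdr + 20, sport); be16(hdr + 22, dport); be16(hdr + 24, (uint16_t)(8 + len));  /* UDP cksum 0 = none */
    w32(f, (uint32_t)time(NULL)); w32(f, 0); w32(f, total); w32(f, total);  /* ts_sec, ts_usec, incl, orig */
    fwrite(hdr, 1, 28, f); fwrite(data, 1, len, f);
    return total;
}

/* Constructed sample: an outbound query and its reply, as a hooked process would see them. */
long write_sample_capture(const char *path) {
    FILE *f = fopen(path, "wb"); if (!f) return -1;
    pcap_write_global_header(f);
    pcap_write_udp(f, 0xc0a80001, 5353, 0xc0a800c7, 53, (const uint8_t *)"hello", 5);
    pcap_write_udp(f, 0xc0a800c7, 53, 0xc0a80001, 5353, (const uint8_t *)"ok!", 3);
    fflush(f); long size = ftell(f);  /* 24 + (16+28+5) + (16+28+3) = 120 bytes */
    fclose(f);
    return size;
}

int main(void) { return write_sample_capture("app_capture.pcap") == 120 ? 0 : 1; }
```

Open the resulting app_capture.pcap in Wireshark to see both datagrams dissected as IPv4/UDP; a real hook would call pcap_write_udp from the intercepted send()/recv() with the socket's real peer address.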
Solution 2
I believe that Capsa should be able to do the things that you're looking for.
English trial edition
Here's an overview from their own site:
Portable Network Analyzer Freeware for Your LAN Network Capsa Free is a network analyzer freeware for Ethernet monitoring, troubleshooting and analysis. It provides users with great experience to learn how to monitor network activities, pinpoint network problems, enhance network security. Capsa Free is a special edition of Capsa Network Analyzer for students, teachers and computer geeks to learn protocols and networking technology knowledge.
It has the following relevant features:
- Monitor your network traffic
- Capture HTTP, HTTPS, UDP, TCP traffic, categorized by process name.
- Analyse the detailed information within a packet in hex format.
You could download the enterprise version with a subscription.
Alternatively, you could download a permanent free version (but in Chinese).
P.S. I'm just a student majoring in CS, and not affiliated with the product, and I'm sure I have followed how to recommend software in answers. I'm cautious because my answer has once been flagged as spam (Post here). And I hope this time my answer would help you.
melco-man
Updated on September 17, 2022

Comments
- melco-man (over 1 year): I have an application which communicates with some server. I want to know what the IP of this server is. How can I capture all the traffic from a specific application and not just all the traffic like Wireshark does?
- Admin (over 14 years): What operating system are you using? How much do you know about the application? Do you know if it uses specific ports?
- Admin (over 14 years): Windows Server 2008 R2/Windows 7. I don't know anything about port numbers. It is IP (TCP/UDP) traffic.
- Admin (over 11 years): So, to clarify. You want to see the Process ID at least. But something like netstat -aon won't do it because you want to see unsuccessful connection attempts too. (I don't know of anything, and you'll be lucky if somebody does, but can you clarify that is what you want?)
- Admin (about 11 years): Would you know where the application will attempt to connect to? I am thinking you could use Wireshark and use filters to drill down to destination host/IP?
- Admin (about 11 years): Also, depending on the type of application it is, you could force it to go through a proxy and use something like Fiddler to capture the traffic of that application. Never tried it but can't see why it would not work. It may be as simple as changing IE proxy settings to the Fiddler proxy (port 8888 by default) or as difficult as re-compiling the app to use the proxy or somehow forcing the app to use the proxy - I am sure there are apps out there that can do that.
- Admin (almost 11 years): Are you just wanting the IP of the destination server? If so, Wireshark can ID this quickly. If you want to see more detail, a Process Monitor capture can be filtered by process or PID.
- Admin (about 4 years): Studying this traffic can reveal virus behaviour (when the application is a virus).
- melco-man (over 14 years): TCPView will only help with established connections. I need to see even unsuccessful TCP connection attempts.
- James Polley (over 14 years): In that case, I'm out of ideas. Probably worth adding that to the question though.
- Admin (almost 9 years): How to use Fiddler for non-HTTP/FTP requests?
- Basj (about 6 years): +1 for NirSoft freeware tools that are incredibly good, and usually portable (single .exe) and small (< 500 KB). Very talented developer there!
- Admin (almost 6 years): -1 for a vague and mostly guesswork answer.
- Aaron Franke (about 4 years): What about on Linux?
- Admin (about 4 years): What about on Linux?
- PF4Public (about 4 years): @AaronFranke strace might help. See here: askubuntu.com/a/12465/505090
- GTodorov (over 3 years): +1 for NirSoft! Great tools!