Capture traffic for specific application


Solution 1

It is possible to capture all network traffic for a given application by intercepting Windows Sockets API calls. These are the tools that may help.

  1. Proxocket, written by Luigi Auriemma. It intercepts API calls and saves the captured traffic as a Wireshark-ready .cap file in tcpdump format. Nothing is more explanatory than an image provided by Luigi himself: [screenshot]

  2. NirSoft has the SocketSniff application, which allows one to capture the traffic of a specific process. A picture is worth a thousand words as well: [screenshot]

Sadly, the mentioned tools would likely not support 64-bit applications. However, it is possible to write a custom interceptor using the mhook library, which supports both 32-bit and 64-bit APIs.
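To make the Proxocket-style output concrete, here is an added example (it is not Proxocket's or mhook's code): it takes the records a per-process sendto() hook would hand back, wraps each UDP datagram in synthetic IPv4/UDP headers and writes a tcpdump-format .cap file that Wireshark opens directly. The hook itself is assumed to exist, and the CAPTURED sample with its addresses is constructed; TCP segments would need synthesized TCP headers in the same way.

```python
import socket
import struct

LINKTYPE_IPV4 = 228  # pcap link type: each record is a bare IPv4 packet, no Ethernet header

# Constructed sample of what a sendto() hook would hand us for one process (values made up):
# (timestamp, src_ip, src_port, dst_ip, dst_port, payload)
CAPTURED = [
    (1700000000.000123, "10.0.0.5", 51234, "192.0.2.10", 53,
     b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00"),
]

def _checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words (IPv4 header checksum)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_ipv4_udp(src_ip, src_port, dst_ip, dst_port, payload: bytes) -> bytes:
    """Wrap a hooked UDP payload in synthetic IPv4+UDP headers so Wireshark can dissect it."""
    udp_len = 8 + len(payload)
    udp = struct.pack("!HHHH", src_port, dst_port, udp_len, 0) + payload  # UDP checksum 0 = none
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0, 0, 64, 17, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    ip = ip[:10] + struct.pack("!H", _checksum(ip)) + ip[12:]  # fill in header checksum
    return ip + udp

def pcap_global_header(snaplen: int = 65535) -> bytes:
    # magic, major 2, minor 4, thiszone, sigfigs, snaplen, linktype; little-endian like tcpdump on x86
    return struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, LINKTYPE_IPV4)

def pcap_record(ts: float, pkt: bytes) -> bytes:
    sec, usec = int(ts), int(round((ts - int(ts)) * 1_000_000))
    return struct.pack("<IIII", sec, usec, len(pkt), len(pkt)) + pkt  # incl_len == orig_len

def build_pcap_bytes(records) -> bytes:
    out = [pcap_global_header()]
    for ts, sip, sp, dip, dp, payload in records:
        out.append(pcap_record(ts, build_ipv4_udp(sip, sp, dip, dp, payload)))
    return b"".join(out)

def write_pcap(path: str, records) -> int:
    """Write a Wireshark-ready .cap file; returns the number of packets written."""
    with open(path, "wb") as f:
        f.write(build_pcap_bytes(records))
    return len(records)
```

Calling `write_pcap("app_capture.cap", CAPTURED)` produces a file whose single packet Wireshark decodes as a DNS query from 10.0.0.5 to 192.0.2.10.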

Solution 2

I believe that Capsa should be able to do the things that you're looking for.

Chinese free edition: [screenshot]

English trial edition: [screenshot]

Here's an overview from their own site:

Portable Network Analyzer Freeware for Your LAN Network

Capsa Free is a network analyzer freeware for Ethernet monitoring, troubleshooting and analysis. It provides users with a great experience to learn how to monitor network activities, pinpoint network problems and enhance network security. Capsa Free is a special edition of Capsa Network Analyzer for students, teachers and computer geeks to learn protocols and networking technology knowledge.

It has the following relevant features:

  • Monitor your network traffic
  • Capture HTTP, HTTPS, UDP and TCP traffic, categorized by process name.
  • Analyse the detailed information within a packet in hex format.

You could download the enterprise version with subscription.

Alternatively, you could download a permanent free version (but in Chinese).

P.S. I'm just a student majoring in CS and not affiliated with the product, and I'm sure I have followed how to recommend software in answers. I'm cautious because my answer has once been flagged as spam (Post here). I hope this time my answer will help you.

Author: melco-man

Updated on September 17, 2022

Comments

  • melco-man
    melco-man over 1 year

    I have an application which communicates with some server. I want to know what the IP of this server is. How can I capture all the traffic from a specific application and not just all the traffic like Wireshark does?

    • Admin
      Admin over 14 years
      What operating system are you using? How much do you know about the application? Do you know if it uses specific ports?
    • Admin
      Admin over 14 years
      Windows Server 2008 R2/Windows 7 I don't know anything about port numbers. It is IP (TCP/UDP) traffic.
    • Admin
      Admin over 11 years
      So, to clarify. You want to see the Process ID at least. But something like netstat -aon won't do it because you want to see for unsuccessful connection attempts too. (I don't know of anything, and you'll be lucky if somebody does, but can you clarify that is what you want?)
    • Admin
      Admin about 11 years
      Would you know where the application will attempt to connect to? I am thinking you could use wireshark and use filters to drill down to destination host/IP?
    • Admin
      Admin about 11 years
      Also, depending on the type of application it is, you could force it to go through a proxy and use something like fiddler to capture the traffic of that application. Never tried it but can't see why it would not work. It may be as simple as changing IE proxy settings to fiddler proxy (port 8888 by default) or as difficult as re-compiling the app to use the proxy or somehow forcing the app to use the proxy - I am sure there are apps out there that can do that.
    • Admin
      Admin almost 11 years
      Are you just wanting the IP of the destination server? If so, Wireshark can ID this quickly. If you want to see more detail, a Process Monitor capture can be filtered by process or PID.
    • Admin
      Admin about 4 years
      Studying this traffic can reveal virus behaviour (when the application is a virus)
  • melco-man
    melco-man over 14 years
    TCPView will only help with established connections. I need to see even unsuccessful TCP connection attempts.
  • James Polley
    James Polley over 14 years
    In that case, I'm out of ideas. Probably worth adding that to the question though.
  • Admin
    Admin almost 9 years
    How to use Fiddler for non HTTP/FTP requests?
  • Basj
    Basj about 6 years
    +1 for NirSoft freeware tools that are incredibly good, and usually portable (single .exe) and small (< 500 KB). Very talented developer there!
  • Admin
    Admin almost 6 years
    -1 for a vague and mostly guesswork answer.
  • Aaron Franke
    Aaron Franke about 4 years
    What about on Linux?
  • Admin
    Admin about 4 years
    What about on Linux?
  • PF4Public
    PF4Public about 4 years
    @AaronFranke strace might help. See here: askubuntu.com/a/12465/505090
  • GTodorov
    GTodorov over 3 years
    +1 for Nirsoft! Great tools!
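As an added illustration of PF4Public's strace suggestion for Linux (not part of any comment above): this parses the output of `strace -f -e trace=connect -o trace.log <program>` and lists every IP endpoint the process tried to reach, keeping the refused and unreachable attempts the asker cared about. The STRACE_LOG lines are constructed to mimic strace's format; they are not a real trace.

```python
import re

# Constructed sample of `strace -f -e trace=connect -o trace.log` output (not a real trace).
STRACE_LOG = """\
12345 connect(5, {sa_family=AF_INET, sin_port=htons(443), sin_addr=inet_addr("203.0.113.7")}, 16) = 0
12345 connect(6, {sa_family=AF_INET, sin_port=htons(8080), sin_addr=inet_addr("203.0.113.9")}, 16) = -1 ECONNREFUSED (Connection refused)
12346 connect(7, {sa_family=AF_INET6, sin6_port=htons(53), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "2001:db8::1", &sin6_addr), sin6_scope_id=0}, 28) = -1 ENETUNREACH (Network is unreachable)
12345 connect(8, {sa_family=AF_UNIX, sun_path="/run/dbus/system_bus_socket"}, 30) = 0
12345 connect(9, {sa_family=AF_INET, sin_port=htons(443), sin_addr=inet_addr("203.0.113.7")}, 16) = -1 EINPROGRESS (Operation now in progress)
"""

# Accepts both the "-o file" form ("12345 connect(") and the terminal form ("[pid 12345] connect(").
LINE_RE = re.compile(r'^(?:\[pid\s+)?(?P<pid>\d+)\]?\s+connect\(\d+,\s*\{(?P<sa>.*)\},\s*\d+\)'
                     r'\s*=\s*(?P<ret>-?\d+)(?:\s+(?P<err>E[A-Z]+))?')
V4_RE = re.compile(r'sin_port=htons\((\d+)\).*?sin_addr=inet_addr\("([^"]+)"\)')
V6_RE = re.compile(r'sin6_port=htons\((\d+)\).*?inet_pton\(AF_INET6,\s*"([^"]+)"')

def parse_connects(text: str) -> list:
    """One dict per IP connect() attempt: pid, addr, port, status (connected/pending/failed:ERR)."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        sa = m.group("sa")
        if "AF_INET6" in sa:  # test v6 first: "AF_INET" is a substring of "AF_INET6"
            hit = V6_RE.search(sa)
        else:
            hit = V4_RE.search(sa) if "AF_INET" in sa else None
        if not hit:
            continue  # AF_UNIX and friends carry no IP destination
        if m.group("ret") == "0":
            status = "connected"
        elif m.group("err") == "EINPROGRESS":
            status = "pending"  # non-blocking socket: attempt made, outcome not visible here
        else:
            status = "failed:" + (m.group("err") or "unknown")
        events.append({"pid": int(m.group("pid")), "addr": hit.group(2),
                       "port": int(hit.group(1)), "status": status})
    return events

def destinations(events) -> dict:
    """Count attempts per (addr, port, status) so refused endpoints stand out alongside successful ones."""
    counts = {}
    for e in events:
        key = (e["addr"], e["port"], e["status"])
        counts[key] = counts.get(key, 0) + 1
    return counts
```

`destinations(parse_connects(STRACE_LOG))` on the sample yields 203.0.113.9:8080 as refused and 2001:db8::1:53 as unreachable, which a netstat-style view of established connections would never show.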