I would like to examine the network traffic being handled by a single process, but simple network captures won't work since I am dealing with such a busy system (lots of other traffic happening at the same time). Is there a way to isolate a tcpdump or wireshark capture to the networking traffic of a single specific process? (Using netstat is insufficient.)
Capture Network Traffic – How to Monitor Network Traffic of a Single Process
networking wireshark
Best Answer
Indeed there is a way, using the Wireshark filters. But you cannot filter directly by process name or PID (because they are not network quantities).
You should first figure out the protocols and the ports used by your process (the netstat command in the previous comment works well).
Then use Wireshark to filter the inbound (or outbound) port with the one you just retrieved. That should isolate the incoming and outgoing traffic of your process.
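The two steps in the answer above (list the process's ports, then filter on them) can be scripted. This is an added example, not part of the original answer: it assumes `ss` from iproute2 in place of netstat, the function names are hypothetical, and the socket listing is a constructed sample.

```shell
#!/bin/sh
# Build a tcpdump/Wireshark capture filter from the sockets owned by one PID.

# Constructed sample in the column layout of `ss -Htunap` (not real host data).
SAMPLE_SS='tcp ESTAB  0 0   192.0.2.10:51514 198.51.100.7:443  users:(("curl",pid=4242,fd=5))
tcp LISTEN 0 128 0.0.0.0:22       0.0.0.0:*         users:(("sshd",pid=811,fd=3))
udp UNCONN 0 0   [::1]:5353       [::]:*            users:(("curl",pid=4242,fd=7))
tcp ESTAB  0 0   192.0.2.10:51514 198.51.100.7:443  users:(("curl",pid=4242,fd=9))
tcp ESTAB  0 0   192.0.2.10:40022 192.0.2.20:5432   users:(("psql",pid=42421,fd=4))'

# ports_for_pid PID: reads ss-style lines on stdin and prints one
# "proto port" pair per unique local socket owned by that PID.
ports_for_pid() {
    awk -v pid="$1" '
        # Match "pid=N," with the trailing comma so 4242 does not match 42421.
        index($0, "pid=" pid ",") {
            n = split($5, part, ":")          # port follows the last colon,
            key = $1 " " part[n]              # which also handles [::1]:5353
            if (!seen[key]++) print key
        }'
}

# bpf_for_pid PID: joins the pairs into a libpcap capture filter.
# Returns non-zero when the PID owns no sockets in the listing.
bpf_for_pid() {
    ports_for_pid "$1" | awk '
        { filter = filter (NR > 1 ? " or " : "") $1 " port " $2 }
        END { if (NR) print filter; else exit 1 }'
}

# Demo on the constructed sample.
printf '%s\n' "$SAMPLE_SS" | bpf_for_pid 4242

# Live use (needs root to see other users' sockets and to capture):
#   filter=$(ss -Htunap | bpf_for_pid "$PID") && tcpdump -i any -n "$filter"
```

The port list is a snapshot: sockets the process opens after the listing are not covered, and a port shared with or later reused by another process will pull that traffic into the capture too.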