Velvet Star Monitor


Capture traffic for specific application

Writer Matthew Martinez

I have an application which communicates with some server. I want to know what the IP of this server is. How can I capture all the traffic from a specific application and not just all the traffic like Wireshark does?

7

6 Answers

It is possible to capture all network traffic for a given application by intercepting Windows Sockets API calls. These are the tools that may help.

  1. Proxocket, written by Luigi Auriemma. It intercepts API calls and saves captured traffic as a Wireshark-ready .cap file in tcpdump format. Nothing is more explanatory than an image provided by Luigi himself: Screenshot

  2. NirSoft has the SocketSniff application, which allows one to capture the traffic of a specific process. A picture is worth a thousand words as well: Screenshot

Sadly, the mentioned tools would likely not support 64-bit applications. However, it is possible to write a custom interceptor using the mhook library, which supports both 32-bit and 64-bit APIs.

4

The easiest one to use is Fiddler 2. It is a debugger that allows you to view HTTP, HTTPS and FTP (both if configured) requests with any application on your PC.

After you install it, to target a specific application simply click and hold the menu item "Any Process" then drag the cursor to the open window and release it. It will only show that targeted application until you right-click on the menu item that now reads the targeted process in red text to release it.

1

Microsoft Network Monitor might allow you to say "capture only packets sent to and from this application".

2

I believe that Capsa should be able to do the things that you're looking for.

Chinese free edition (screenshot)

English trial edition (screenshot)

Here's an overview from their own site:

Portable Network Analyzer Freeware for Your LAN Network

Capsa Free is a network analyzer freeware for Ethernet monitoring, troubleshooting and analysis. It provides users with great experience to learn how to monitor network activities, pinpoint network problems, enhance network security. Capsa Free is a special edition of Capsa Network Analyzer for students, teachers and computer geeks to learn protocols and networking technology knowledge.

It has the following relevant features:

  • Monitor your network traffic
  • Capture HTTP, HTTPS, UDP and TCP traffic, categorized by process name.
  • Analyse the detailed information within a packet in hex format.

You could download the enterprise version with a subscription.

Alternatively, you could download a permanent free version (but in Chinese).

P.S. I'm just a student majoring in CS and not affiliated with the product, and I'm sure I have followed how to recommend software in answers. I'm cautious because my answer has once been flagged as spam (Post here). And I hope this time my answer will help you.

On Windows, TCPView should do what you need: it can show you all the TCP and UDP connections that a particular program has open.

However, I think this is only going to be helpful if the program is opening a connection and leaving it open; they're not going to show you all network traffic by a particular program. It's possible, for instance, that it makes a very brief phone-home call as it loads, but the connection is gone by the time you run TCPView.

Process Monitor may help with getting more detail, but I haven't used it so I'm not sure how much it captures about network sockets.

2
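The answer above notes that a point-in-time connection list can miss a brief connection. As an added example (not part of any answer on this page), this Python script parses `netstat -ano` output for one process ID and polls it to accumulate every remote endpoint seen. The function names, the PID 4312 and the sample addresses are constructed for illustration.

```python
import subprocess
import time

# Constructed sample of `netstat -ano` output; PIDs and addresses are made up.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       908
  TCP    192.168.1.20:50112     203.0.113.10:443       ESTABLISHED     4312
  TCP    192.168.1.20:50113     198.51.100.7:80        TIME_WAIT       0
  TCP    127.0.0.1:50200        127.0.0.1:50201        ESTABLISHED     4312
  TCP    [fe80::1%12]:50114     [2001:db8::5]:443      ESTABLISHED     4312
  UDP    0.0.0.0:5353           *:*                                    4312
"""

def split_endpoint(endpoint):
    """Split 'host:port' or '[v6%zone]:port' into (host, port)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]").split("%")[0], port

def remote_endpoints(netstat_text, pid):
    """Return {(proto, remote_host, remote_port)} owned by pid."""
    found = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        # Skip headers; UDP rows have no State column, so the PID is always last.
        if len(fields) < 4 or fields[0] not in ("TCP", "UDP"):
            continue
        if fields[-1] != str(pid):
            continue
        host, port = split_endpoint(fields[2])
        # Drop listeners, unconnected UDP sockets and loopback traffic.
        if host in ("*", "0.0.0.0", "::", "::1") or host.startswith("127."):
            continue
        found.add((fields[0], host, port))
    return found

def watch(pid, seconds=30, interval=0.2):
    """Poll netstat and accumulate endpoints to catch short-lived connections."""
    seen = set()
    deadline = time.monotonic() + seconds
    while time.monotonic() < deadline:
        out = subprocess.run(["netstat", "-ano"], capture_output=True, text=True).stdout
        seen |= remote_endpoints(out, pid)
        time.sleep(interval)
    return seen

if __name__ == "__main__":
    print(sorted(remote_endpoints(SAMPLE, 4312)))
```

Polling narrows the gap but does not close it: a connection that opens and closes between two polls is still missed, which is where the capture and interception tools in the other answers apply.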

Proxifier:
That's a good program to set up a proxy for your special application on Windows.
