Tcpdump 101

TCPdump is a very powerful command-line packet sniffer.

It must be launched as root (or, on Linux, with the CAP_NET_RAW and CAP_NET_ADMIN capabilities granted to the binary with setcap), because opening a raw packet socket and putting the interface into promiscuous mode are privileged operations. Wireshark (formerly Ethereal) is a GUI alternative to TCPdump, and it can open the pcap files that TCPdump writes with -w.

Web resources:

http://packetpushers.net/masterclass-tcpdump-basics/

http://www.yourownlinux.com/2013/07/linux-command-tcpdump.html

http://www.tcpdump.org/tcpdump_man.html
http://www.wireshark.org/docs/

How can I capture network traffic of a single process?

A packet sniffer works at the bottom of the network stack and captures everything that crosses the interface; it has no notion of the processes running on the OS, so a capture alone does not tell you which process sent a given packet. What the capture does give you is the local port, and the kernel knows which process owns the socket bound to that port, so you can correlate the two with netstat, ss or lsof (or directly through /proc/<pid>/fd and /proc/net/tcp). DNS lookups are the exception: a process normally resolves names through the libc resolver or a local caching daemon (nscd, systemd-resolved, dnsmasq), so the DNS packets may be sent by a different process than the one you are watching. Otherwise, a port filter, combined with stopping the other processes that generate traffic or with tracing the process's socket calls with strace, should get you there.

To start a new process and trace its network-related system calls:

strace -f -e trace=network -s 10000 PROCESS ARGUMENTS

To attach to a process that is already running, with a known PID:

strace -p $PID -f -e trace=network -s 10000

-f follows forked children, -e trace=network limits the output to socket-related system calls (socket, connect, bind, sendto, recvfrom, ...), and -s 10000 prints up to 10000 bytes of each string argument so payloads are not truncated (the default is 32).

For example, to see only the socket calls ping makes, including the UDP port 53 traffic of the name lookup when the resolver library performs it inside the process:

strace -e trace=network ping www.mycompany.com

netstat -taucp | grep <pid or process name>

This lists the TCP and UDP sockets (-t -u, -a for all states) together with the owning PID/program name (-p) and refreshes continuously (-c). Run it as root: otherwise -p only shows the PID for processes you own.

Linux:

netstat -nutp (outbound connections: TCP and UDP, numeric addresses, with owning PID/program)
netstat -lnutp (inbound: listening sockets)

The same flags work with ss, which replaces netstat on current distributions.

Windows:
netstat -anb | more (-b shows the executable and needs an elevated prompt; add -o to also get the PID)

Read more at http://www.singlehop.com/blog/mastering-the-abuse-process-tracking-down-abusive-activity/#gzTgogFJR7PMRlKu.99

To see which processes hold network sockets you can use lsof: lsof -i -n -P lists every open Internet socket with its owning process (numeric hosts and ports), and lsof -a -i -p <pid> restricts that to a single PID (-a ANDs the conditions; without it -i and -p are ORed and you get every file of the process plus every socket on the box). Like netstat -p, it needs root to see other users' processes.
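Putting the pieces above together, as an added example that is not code from the original post: a POSIX shell script that maps a PID to the local ports of its sockets by reading /proc/<pid>/fd and /proc/net/tcp (which is what netstat -p and lsof -p do under the hood), then turns those ports into a tcpdump filter expression. It assumes Linux; the /proc/net/tcp table embedded in it is constructed sample data so the parsing can be exercised offline.

```shell
#!/bin/sh
# Added example, not code from the original post.
# Map a PID to the local ports of its sockets, then build a tcpdump filter.
# Assumes Linux (/proc/<pid>/fd and /proc/net/{tcp,udp,tcp6,udp6}).

# Constructed /proc/net/tcp sample (not a real capture): a listener on
# 127.0.0.1:8080 (inode 12345), an outbound connection from port 41394
# (inode 12346) and an unrelated connection from port 41395 (inode 99999)
# that belongs to some other process.
SAMPLE_PROC_NET_TCP='  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 12345 1 0000000000000000 100 0 0 10 0
   1: 0A00020F:A1B2 5DB8D822:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 12346 1 0000000000000000 20 4 30 10 -1
   2: 0A00020F:A1B3 5DB8D823:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 99999 1 0000000000000000 20 4 30 10 -1'

# socket_inodes PID: print the inode numbers of PID's open sockets, space
# separated. Each /proc/<pid>/fd/N is a symlink reading "socket:[INODE]"
# for a socket descriptor; other descriptors are ignored.
socket_inodes() {
    for fd in /proc/"$1"/fd/*; do
        readlink "$fd" 2>/dev/null
    done | sed -n 's/^socket:\[\([0-9]*\)\]$/\1/p' | tr '\n' ' '
}

# ports_for_inodes TABLE INODES: TABLE is the text of a /proc/net/tcp-style
# file, INODES a space-separated list. Prints the decimal local port of every
# row whose inode (field 10) is in INODES, one per line, sorted and unique.
# local_address is HEXADDR:HEXPORT; IPv6 rows only differ in the address
# length, so the same split works for tcp6/udp6.
ports_for_inodes() {
    table=$1
    inodes=$2
    printf '%s\n' "$table" |
    awk 'NR > 1 { split($2, a, ":"); print a[2], $10 }' |
    while read -r hexport inode; do
        for want in $inodes; do
            if [ "$inode" = "$want" ]; then
                printf '%d\n' "$((0x$hexport))"   # hex port -> decimal
            fi
        done
    done | sort -n | uniq
}

# tcpdump_filter PORT...: build a BPF expression matching any of the ports.
tcpdump_filter() {
    filter=""
    for p in "$@"; do
        if [ -z "$filter" ]; then
            filter="port $p"
        else
            filter="$filter or port $p"
        fi
    done
    printf '%s\n' "$filter"
}

# filter_for_pid PID: run the steps above against the live /proc tables.
filter_for_pid() {
    inodes=$(socket_inodes "$1")
    ports=$(
        for tbl in /proc/net/tcp /proc/net/udp /proc/net/tcp6 /proc/net/udp6; do
            [ -r "$tbl" ] && ports_for_inodes "$(cat "$tbl")" "$inodes"
        done | sort -n | uniq
    )
    if [ -z "$ports" ]; then
        echo "no sockets found for PID $1" >&2
        return 1
    fi
    # shellcheck disable=SC2086  # word-split the port list into arguments
    tcpdump_filter $ports
}

# Usage: sh thisscript.sh PID  (prints the tcpdump command to run as root)
if [ $# -gt 0 ]; then
    printf "tcpdump -i any -nn '%s'\n" "$(filter_for_pid "$1")"
fi
```

The result is a snapshot: a connection the process opens later gets a fresh ephemeral port that the filter does not know about, and "port N" matches both directions and any other process that reuses N after the first one closes it, so re-run the script if the process is long-lived and churns connections. A name lookup that goes through a local resolver daemon still leaves from that daemon's socket, not from the traced PID, which is exactly the DNS caveat above.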

Published by jdalbera

IT Pro: 28 years experience for large companies - Technical manager and solution architect: Directory services and Identity Management expert, Azure AD, Office 365, Azure infrastructures, Microsoft AD Security (ADDS,ADFS,ADCS), PowerShell, Quest solutions architect. Operating systems (Win/Lin). Unix and Microsoft interoperability. Data center Operations. Company integrations. Network architectures. Virtualization and storage infrastructures. HP/Dell servers deployments. Multiple certifications: Azure, MCSE, MCPs, MCITS, ITIL, VCP, CCNA, CyberArk