Capture traffic for specific application

I have an application which communicates with some server. I want to know what the IP of this server is. How can I capture all the traffic from a specific application and not just all the traffic like Wireshark does?


It is possible to capture all network traffic for a given application by intercepting Windows Sockets API calls. These are the tools that may help.

  1. Proxocket, written by Luigi Auriemma. It intercepts API calls and saves the captured traffic as a Wireshark-ready .cap file in tcpdump format. Nothing is more explanatory than an image provided by Luigi himself: Screenshot

  2. NirSoft has the SocketSniff application, which allows one to capture the traffic of a specific process. A picture is worth a thousand words as well: Screenshot

Sadly, the mentioned tools would likely not support 64-bit applications. However, it is possible to write a custom interceptor using the mhook library, which supports both 32-bit and 64-bit API.
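Once a per-application .cap file in tcpdump format exists, the server address the question asks for can be read straight out of it. The following is an added example, not part of the answer above or of any tool it names: a small Python reader that tallies the remote endpoints one local address sent packets to. It assumes a classic pcap file with an Ethernet or raw-IPv4 link type (the page does not say which one Proxocket writes); the function names and the sample capture are constructed for illustration.

```python
import struct
from collections import Counter
from ipaddress import IPv4Address

ETHERNET, RAW_IP = 1, 101            # pcap link types handled here (assumption)
PROTO = {6: "tcp", 17: "udp"}
# Magic number as stored on disk -> byte order (microsecond and nanosecond variants).
MAGIC = {b"\xd4\xc3\xb2\xa1": "<", b"\x4d\x3c\xb2\xa1": "<",
         b"\xa1\xb2\xc3\xd4": ">", b"\xa1\xb2\x3c\x4d": ">"}

def remote_endpoints(pcap: bytes, local_ip: str) -> Counter:
    """Count packets local_ip sent to each (remote_ip, remote_port, proto)."""
    end = MAGIC.get(pcap[:4])
    if end is None:
        raise ValueError("not a classic pcap (tcpdump format) file")
    linktype = struct.unpack(end + "I", pcap[20:24])[0]
    if linktype not in (ETHERNET, RAW_IP):
        raise ValueError(f"unsupported link type {linktype}")
    seen, off = Counter(), 24        # records start after the 24-byte file header
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if linktype == ETHERNET:
            if frame[12:14] != b"\x08\x00":      # EtherType: IPv4 only
                continue
            frame = frame[14:]
        if len(frame) < 20 or frame[0] >> 4 != 4:
            continue                             # truncated or not IPv4
        ihl, proto = (frame[0] & 0x0F) * 4, frame[9]
        fragment_offset = struct.unpack("!H", frame[6:8])[0] & 0x1FFF
        if proto not in PROTO or fragment_offset or len(frame) < ihl + 4:
            continue                             # no port fields in this packet
        src, dst = IPv4Address(frame[12:16]), IPv4Address(frame[16:20])
        dport = struct.unpack("!H", frame[ihl + 2:ihl + 4])[0]
        if str(src) == local_ip:
            seen[(str(dst), dport, PROTO[proto])] += 1
    return seen

def sample_record(src: str, dst: str, proto: int, sport: int, dport: int) -> bytes:
    """Constructed pcap record: 20-byte IPv4 header followed by the two port fields."""
    ip = struct.pack("!BBHHHBBH4s4sHH", 0x45, 0, 24, 0, 0, 64, proto, 0,
                     IPv4Address(src).packed, IPv4Address(dst).packed, sport, dport)
    return struct.pack("<IIII", 0, 0, len(ip), len(ip)) + ip

LOCAL, SERVER = "192.0.2.10", "198.51.100.7"     # constructed documentation addresses
SAMPLE = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, RAW_IP) + (
    sample_record(LOCAL, SERVER, 6, 50001, 443) + sample_record(SERVER, LOCAL, 6, 443, 50001)
    + sample_record(LOCAL, SERVER, 6, 50001, 443)
    + sample_record(LOCAL, "203.0.113.53", 17, 50002, 53))
```

Calling `remote_endpoints(open(path, "rb").read(), local_ip).most_common()` on a real capture lists the busiest destinations first.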


The easiest one to use is Fiddler 2. It is a debugger that allows you to view HTTP, HTTPS and FTP (both if configured) requests with any application on your PC.

After you install it, to target a specific application, simply click and hold the menu item "Any Process", then drag the cursor to the open window and release it. It will only show that targeted application until you right-click on the menu item, which now shows the targeted process in red text, to release it.

http://fiddler2.com/


Microsoft Network Monitor might allow you to say "capture only packets sent to and from this application".