network capture

Capture network traffic of single process

sudo ptcpdump -w demo.pcapng -i any -- curl -L http://google.com

Capture already running process (PID)

sudo ptcpdump -w demo.pcapng -i any --pid 1234 -f

Capture network traffic of single process

strace -f -e trace=network -s 10000 curl -L http://google.com

Capture already running process (PID)

strace -f -e trace=network -s 10000 -p 1234

Capture

httptap -- curl https://andreas-mausch.de

ss ss is a modern replacement for netstat

sudo ss -tunap | sort -k1

-t

--tcp: Display TCP sockets.

-u

--udp: Display UDP sockets.

-n

--numeric: Do not try to resolve service names.

-a

--all: Display both listening and non-listening (for TCP this means established connections) sockets.

-p

--processes: Show process using socket.