...into Wireshark and view the trace using the File pull-down menu.

Arbitrary packets are typically not associated with a process. For established TCP sockets, this information could potentially be looked up on the fly, but there is no way to express a capture filter that limits capturing to a single process. If you know that an application contacts certain IP addresses or ports, you could specify a capture filter such as udp port 53 or host. Alternatively, run the program in a virtual machine (VM) and capture traffic from within the VM, or from the bridge attached to the outside of the VM. On Linux, create an isolated network namespace and use a virtual Ethernet (veth) pair to connect the new network namespace with the main network namespace; then capture from either end of the veth interface and start your process within the network namespace. For the latter approach, I wrote some scripts to automate it; they can be found at. It was designed precisely for this purpose: creating a network capture from a single process (and its children) without leaking other traffic.

If you want to capture packets from or to a given IP address, such as 192.16.135.134, the filter would be host 192.16.135.134. (Remember, if you want to capture all traffic involving that one IP address, capturing packets from that address won't work; that won't show traffic to that address.)

Traceroute with Wireshark (via ICMP packets): by default traceroute uses UDP packets, but with the -I option you can make it work like tracert, which uses ICMP request packets. As with the Ping program, the host sends a packet to the target IP address if the target is live. traceroute -I 8.8.8.8 generates a list of each hop, giving the IP address of each router between source and destination and the average round-trip time.

Using a router, open a browser and enter the router IP address > Enter > locate Device List > Status, or Bandwidth or Network Monitoring.