All the packet capture drivers will see the packets the way they are transmitted over the network, which doesn't include any information about the application, so they can't apply any filter at the application level.
Hooking the application's network APIs will monitor all packets which are sent directly by that application, but will miss any indirect communication.
Additionally, all firewall leak tests show that it's impossible to know which data is sent by what application.
The best way to log data from a single application is probably to make sure no other application using the network is running at the same time. It sounds stupid, but is the most reliable way. VMware might be a good idea for something like that.
Last edited by Kerlingen; 11-27-2011 at 01:57.