11-27-2011, 01:44
Kerlingen
All the packet capture drivers will see the packets the way they are transmitted over the network, which doesn't include any information about the application, so they can't apply any filter at the application level.

Hooking the application's network APIs will monitor all packets which are sent directly by that application, but will miss any indirect communication.

Additionally, all firewall leak tests show that it's impossible to know which data is sent by what application.

The best way to log data from a single application is probably to make sure no other application using the network is running at the same time. It sounds stupid, but is the most reliable way. VMware might be a good idea for something like that.

Last edited by Kerlingen; 11-27-2011 at 01:57.
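An added example, not part of the original post: a capture record carries only addresses and ports, so tying it to a program means joining it against a snapshot of the OS socket table, and that join is best-effort. All addresses, PIDs and process names below are constructed, and the names `attribute` and `summarize` are hypothetical.

```python
from collections import Counter

# Constructed capture records: (proto, src ip, src port, dst ip, dst port).
# This is everything a capture driver sees; no process information is present.
PACKETS = [
    ("tcp", "192.0.2.10", 49712, "198.51.100.7", 443),
    ("tcp", "198.51.100.7", 443, "192.0.2.10", 49712),  # reply on the same socket
    ("udp", "192.0.2.10", 53211, "192.0.2.1", 53),      # DNS lookup done by a resolver service
    ("tcp", "192.0.2.10", 49800, "203.0.113.5", 80),    # socket closed before the snapshot
]

# Constructed socket-table snapshot, as a netstat-style tool would report it:
# (proto, local ip, local port) -> (pid, process name)
SOCKETS = {
    ("tcp", "192.0.2.10", 49712): (4120, "target.exe"),
    ("udp", "192.0.2.10", 53211): (1388, "resolver-service"),
}


def attribute(packets, sockets, local_ip):
    """Return the owning (pid, name) for each packet, or None if no socket matches."""
    owners = []
    for proto, src, sport, dst, dport in packets:
        # The local endpoint is the source for outbound and the destination for inbound.
        key = (proto, src, sport) if src == local_ip else (proto, dst, dport)
        owners.append(sockets.get(key))
    return owners


def summarize(packets, sockets, local_ip, target):
    """Count packets owned by the target, by another process, or by nothing known."""
    counts = Counter()
    for owner in attribute(packets, sockets, local_ip):
        if owner is None:
            counts["unattributed"] += 1      # snapshot raced with a short-lived socket
        elif owner[1] == target:
            counts["target"] += 1
        else:
            counts["other_process"] += 1     # possibly indirect traffic on the target's behalf
    return dict(counts)


if __name__ == "__main__":
    print(summarize(PACKETS, SOCKETS, "192.0.2.10", "target.exe"))
```

The `other_process` and `unattributed` buckets are the traffic that a per-application filter would drop or mislabel, which is why an otherwise idle VM gives a cleaner log.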