Tags: linux, sniffing

Capture TCP traffic from a known process when it starts


I need to capture the TCP communications that a process makes. However, I cannot just run the process, go look up its PID, and then capture. I need to get the communications that occur an instant after it starts.

It is evidently making a JSON request, over an unknown port (not 80), to another process that registers its URL for REST calls. I have to mimic its behavior and thus I need to see it.

Is there a way to capture network communications over a particular interface without knowing the port and from the time the process starts onward?


Solution

  • You can use the tcpdump command to capture the traffic from/to your machine. Packet size, port, interface, protocol and many other parameters are covered by it. For example: sudo tcpdump -i eth0 src/dst xxx.xxx.xxx.xxx port x

    For more detail, please check the tcpdump manual page. Note: be careful when writing the output to a file, because the result of the packet capture will be huge.

    BR,
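The answer covers the filter syntax but not the asker's timing problem: the capture has to be running before the process starts, and the port is unknown. The script below is an added example, not part of the original answer or of any project; it starts tcpdump, waits until tcpdump has opened its output file (which means the interface is open and packets are being recorded), then launches the target program, and stops tcpdump when the program exits. The interface name, peer host, output path and program are placeholders supplied by the caller; it assumes tcpdump is installed and runs as root (or with CAP_NET_RAW). If the peer process is on the same machine, capture on lo.

```shell
#!/bin/sh
# Added example (not from the original answer): capture a process's TCP
# traffic from the instant it starts, without knowing the port in advance.
# Assumptions: tcpdump is installed and has the privileges to open the
# interface; interface, peer host and output path are given by the caller.

# Build a BPF filter from whatever is known. Host and port are both
# optional, so with nothing known the filter is just "tcp".
build_filter() {
    host="$1"
    port="${2:-}"
    filter="tcp"
    if [ -n "$host" ]; then
        filter="$filter and host $host"
    fi
    if [ -n "$port" ]; then
        filter="$filter and port $port"
    fi
    printf '%s' "$filter"
}

# Start tcpdump writing a pcap, wait until it is actually recording, run
# the command given as the remaining arguments, then stop tcpdump.
# Returns the exit status of the command under test.
capture_while_running() {
    iface="$1"; filter="$2"; out="$3"
    shift 3
    rm -f "$out"
    # -n: no DNS lookups, -s 0: full packets, -U: flush each packet to disk
    tcpdump -n -i "$iface" -s 0 -U -w "$out" "$filter" &
    dump_pid=$!
    # tcpdump creates the pcap file only after the interface is open, so
    # polling for the file is more reliable than a fixed sleep.
    tries=0
    while [ ! -e "$out" ]; do
        tries=$((tries + 1))
        if [ "$tries" -gt 50 ]; then
            echo "tcpdump did not start" >&2
            kill "$dump_pid" 2>/dev/null || true
            return 1
        fi
        sleep 0.1
    done
    rc=0
    "$@" || rc=$?          # the process under investigation
    kill -INT "$dump_pid" 2>/dev/null || true
    wait "$dump_pid" 2>/dev/null || true
    return "$rc"
}

# Read the capture back with payloads decoded as ASCII (-A), which shows the
# JSON body and the port the peer is really listening on.
show_capture() {
    tcpdump -n -r "$1" -A
}

# Usage: ./capture.sh eth0 203.0.113.5 /tmp/proc.pcap ./the_process --args
# (203.0.113.5 and ./the_process are placeholders for the real peer/program)
if [ "$#" -ge 4 ]; then
    iface="$1"; peer="$2"; pcap="$3"
    shift 3
    capture_while_running "$iface" "$(build_filter "$peer")" "$pcap" "$@"
    show_capture "$pcap"
fi
```

Once the port shows up in the output of show_capture, rerun with build_filter given both host and port to keep later captures small, which addresses the answer's warning about file size.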