using iptables to track network activity of a specific program
With iptables it is possible to use --uid-owner to filter based on a particular user. Is there something that can filter on a specific application? Or would the only way to monitor an individual app be to launch it in a unique group and use --gid-owner to filter?
Re: using iptables to track network activity of a specific program
Evidently, there used to be a way via "--cmd-owner name", but it got removed because it broke. I think you have to do as you suggested.
References:
http://ubuntuforums.org/showthread.php?t=1739672
http://www.linuxquestions.org/questi...ess-pid-65893/
https://bugs.launchpad.net/ubuntu/+s...es/+bug/800781
There seems to be plenty of confusing stuff using search engine terms: iptables "--cmd-owner" removed
Re: using iptables to track network activity of a specific program
Thanks. Also, thinking about it further, if the program is launched under a unique group any child processes it might spawn overtly or covertly will (most likely) also fall under that group.
Re: using iptables to track network activity of a specific program
Re: using iptables to track network activity of a specific program
Thanks. I saw instructions like those before but only now figured out that they only work when it is the first post in the thread that gets edited. All set now.