Wireshark-users: [Wireshark-users] Wireshark-users: Re: How to let wireshark capture one applicat

Date: Tue, 12 Feb 2008 20:46:20 +0200
Hi,
While Wireshark can't filter on a specific application you can use Sysinternals TCPView (it's like netstat but with GUI and some nice extra features) to see exactly what sockets your application is using (on of the nice extra features is that it tells you the process that use the socket and not just the the socket's details).
 
from there building a filter for Wireshark is just a few minutes (assuming your application is not jumping ports...)
 
http://technet.microsoft.com/en-us/sysinternals/bb897437.aspx
 
hope this helps...