What is the straighest way of finding IP linked to a particular process on a Linux machine?
The task is straightforward if the port used by the process is exclusively reserved for this process: I would find packets linked to the process by filtering the packet capture to that port.
It becomes however less obvious when the port of interest is used by several processes at the same time.
How can I discriminate the packets sent of received by one specific chosen process in this case?
This can be used to know which port is listening on which and for which process.
You can also use:
The straightest way is the one in Anirudh's reply, as root:
From your question though seems you think that there can be more than one process listening to the same IP:PORT touple, are you refering to SO_REUSEPORT ?
In this case too with netstat you get the PID of the process anyway.
And no, sinffing does not necessarily tell you what process is listening, you only see the traffic.