0

I'm trying to analyze network traffic using libpcap in the C language. I would like to filter packets by process PID. I've been doing research and apparently pcap can't do what I want, but netstat can give me information about traffic with the process PID.

Is it ugly to call system("netstat -apn"), or is there any other library in C/C++ that I could use? I want my program to run under Linux and Windows.

Mistrale

1 Answer

0

Yes, system(3) is generally frowned upon and you won't get the output of your command. If you want to go that route, use popen(3) as discussed here.

Going an alternate route, on Linux-derived platforms, I would suggest combing /proc for details on the process you're interested in and using that to build a BPF filter. You should be able to glean a four or five tuple for your process from /proc/$PID/net/{tcp, udp} and use that to create a filter string to capture the packets you want.

Mike Schiffman
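The /proc approach from the answer above, as an added example that is not part of the original posts: it turns rows of a /proc/$PID/net/tcp table into a pcap filter string. The table lists every socket in the process's network namespace, so rows are selected by socket inode, which on a live system comes from the "socket:[N]" symlink targets under /proc/$PID/fd. The names build_filter and SAMPLE_TCP, the inode numbers and the sample rows are constructed for illustration; only IPv4 TCP is handled.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample in /proc/net/tcp layout, as printed on a little-endian host. */
static const char SAMPLE_TCP[] =
    "  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode\n"
    "   0: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 4242 1\n"
    "   1: 0A0200C0:C350 076433C6:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 4243 1\n"
    "   2: 0A0200C0:C351 076433C6:0050 01 00000000:00000000 00:00000000 00000000  1001        0 9999 1\n";

/* The kernel prints the raw s_addr as hex, so storing it back is endian-safe. */
static void ip4(unsigned raw, char *buf) {
    struct in_addr a = { .s_addr = raw };
    inet_ntop(AF_INET, &a, buf, INET_ADDRSTRLEN);
}

/* One clause per row whose inode is in inos[] (the "socket:[N]" targets of
 * /proc/<pid>/fd). Returns the clause count, or -1 if out[] is too small. */
int build_filter(const char *table, const unsigned long *inos, size_t n,
                 char *out, size_t cap) {
    int matched = 0;
    size_t used = 0;
    out[0] = '\0';
    /* After the first pass, line points at a '\n'; the format's leading space skips it. */
    for (const char *line = table; line && *line; line = strchr(line + 1, '\n')) {
        unsigned la, lp, ra, rp, st; unsigned long ino;
        int ok = sscanf(line, " %*d: %8x:%4x %8x:%4x %x %*x:%*x %*x:%*x %*x %*u %*u %lu",
                        &la, &lp, &ra, &rp, &st, &ino) == 6;  /* header row fails here */
        for (size_t i = 0; ok && i < n; i++) {
            if (inos[i] != ino) continue;
            char l[INET_ADDRSTRLEN], r[INET_ADDRSTRLEN], clause[128];
            ip4(la, l); ip4(ra, r);
            if (st == 0x0A)  /* TCP_LISTEN: the bind address may be a wildcard */
                snprintf(clause, sizeof clause, "(tcp and port %u)", lp);
            else             /* both directions of one connection */
                snprintf(clause, sizeof clause, "(tcp and host %s and port %u and host %s and port %u)", l, lp, r, rp);
            if (used + strlen(clause) + 4 >= cap) return -1;  /* room for " or " */
            used += (size_t)snprintf(out + used, cap - used, "%s%s", matched++ ? " or " : "", clause);
            break;
        }
    }
    return matched;
}

int main(void) {
    unsigned long inos[] = { 4242, 4243 };  /* constructed: inodes found under /proc/<pid>/fd */
    char filter[512];
    if (build_filter(SAMPLE_TCP, inos, 2, filter, sizeof filter) > 0) puts(filter);
}
```

The resulting string can be passed to pcap_compile(); because a process opens and closes sockets over time, the filter has to be rebuilt and reinstalled periodically to stay accurate.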