What program sent which packet to the network [closed]

Posted by Erik Johansson on Server Fault
Published on 2010-12-16T12:23:05Z Indexed on 2010/12/21 10:55 UTC


I would like to have a tcpdump-like program that shows which program sent a specific packet, instead of just getting the port number. This is a generic problem I've had on and off: sometimes, when you have an old tcpdump file lying around, you have no way to find what program was sending that data.

The solution in "how can I identify which process is making UDP traffic on linux?" is an indication that I can solve this with auditd, dTrace, OProfile or SystemTap, but doesn't show how to do it. I.e. it doesn't show the source port of the program calling bind().

The problem I had was strange UDP packets, and since those ports are so short-lived it took me a while to solve this issue. I solved this by running an ugly hack similar to:

while true; do date +%s.%N; netstat -panut; done

So either a method better than this hack, a replacement for tcpdump, or some way to get this info from the kernel so I can patch tcpdump.

EDIT: This was asked on Super User ("tracking what programs sends to net"); no good solution there, though.
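The polling hack above has a cheaper and more precise form that skips netstat entirely: /proc/net/udp and /proc/net/tcp list every socket with its local port and socket inode, and each process's /proc/<pid>/fd/* symlinks point at "socket:[<inode>]", so joining the two gives port -> pid directly. The script below is an added example written for this page; it is not code from the original post or from any Server Fault answer. It assumes a Linux host with the standard /proc layout, IPv4 only (udp6/tcp6 use 32-hex addresses and are not handled), a little-endian CPU for the address byte order (override with the little_endian flag), and root if you want to see other users' file descriptors. The sample /proc text and fd list at the bottom are constructed for the self-test; the file name port_owner.py in the usage note is a placeholder.

```python
#!/usr/bin/env python3
"""Attribute a local UDP/TCP port to the owning process via /proc (Linux).

Added example, not code from the original post.  It replaces the
`netstat -panut` polling loop with a direct read of /proc/net/{udp,tcp}
(local port -> socket inode) joined with /proc/<pid>/fd/* symlinks
(socket inode -> pid).  Run as root to see every process's fds.
"""
import glob
import os
import sys
import time
from collections import defaultdict


def hex_to_ipv4(word, little_endian=True):
    """Decode one /proc/net address word such as '0100007F' (127.0.0.1).

    The kernel prints the 32-bit address as a host-order hex integer, so on
    little-endian machines (x86, most ARM) the bytes come out reversed.
    """
    raw = bytes.fromhex(word)
    if little_endian:
        raw = raw[::-1]
    return ".".join(str(b) for b in raw)


def parse_proc_net(text, little_endian=True):
    """Parse the text of /proc/net/udp or /proc/net/tcp into endpoint rows.

    Both files share the column layout:
      sl local_address rem_address st tx_queue:rx_queue tr:tm->when
      retrnsmt uid timeout inode ref pointer ...
    so the inode is always the 10th whitespace-separated field.
    """
    rows = []
    for line in text.splitlines()[1:]:          # first line is the header
        f = line.split()
        if len(f) < 10:
            continue
        lip, lport = f[1].split(":")
        rip, rport = f[2].split(":")
        rows.append({
            "local_ip": hex_to_ipv4(lip, little_endian),
            "local_port": int(lport, 16),
            "rem_ip": hex_to_ipv4(rip, little_endian),
            "rem_port": int(rport, 16),
            "inode": int(f[9]),                  # 0 = socket in TIME_WAIT/orphaned
        })
    return rows


def inode_owner_map(fd_links):
    """Build {socket inode: set(pid)} from (pid, symlink target) pairs.

    Socket fds read back as 'socket:[12345]'; files and pipes are skipped.
    """
    owners = defaultdict(set)
    for pid, target in fd_links:
        if target.startswith("socket:[") and target.endswith("]"):
            owners[int(target[8:-1])].add(pid)
    return owners


def scan_proc_fds(proc="/proc"):
    """Yield (pid, symlink target) for every fd of every readable process."""
    for link in glob.glob(os.path.join(proc, "[0-9]*", "fd", "*")):
        try:
            yield int(link.split(os.sep)[-3]), os.readlink(link)
        except OSError:          # process already exited, or EPERM without root
            continue


def attribute_port(local_port, proc_net_text, fd_links, little_endian=True):
    """Return the set of pids owning a socket bound to local_port (may be empty)."""
    owners = inode_owner_map(fd_links)
    pids = set()
    for row in parse_proc_net(proc_net_text, little_endian):
        if row["local_port"] == local_port:
            pids |= owners.get(row["inode"], set())
    return pids


def comm(pid, proc="/proc"):
    """Short process name from /proc/<pid>/comm, '?' if it is already gone."""
    try:
        with open(os.path.join(proc, str(pid), "comm")) as fh:
            return fh.read().strip()
    except OSError:
        return "?"


def main(argv):
    # usage: port_owner.py [udp|tcp] [port]   (polls until Ctrl-C)
    proto = argv[1] if len(argv) > 1 else "udp"
    want = int(argv[2]) if len(argv) > 2 else None
    seen = set()
    while True:
        with open(f"/proc/net/{proto}") as fh:
            text = fh.read()
        owners = inode_owner_map(scan_proc_fds())
        for row in parse_proc_net(text, sys.byteorder == "little"):
            if want is not None and row["local_port"] != want:
                continue
            key = (row["inode"], row["local_port"])
            if row["inode"] == 0 or key in seen:
                continue
            seen.add(key)
            pids = sorted(owners.get(row["inode"], set()))
            print(f"{time.time():.6f} {proto} {row['local_ip']}:{row['local_port']} "
                  f"-> {row['rem_ip']}:{row['rem_port']} "
                  f"pid={pids or '?'} comm={[comm(p) for p in pids]}")
        time.sleep(0.2)


# Constructed sample data (not captured from a real host) for a self-check:
# one DNS server socket on 127.0.0.1:53 and one client socket 10.0.0.5:41230.
SAMPLE_UDP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
 1234: 0100007F:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 12345 2 0000000000000000 0
 1235: 0500000A:A10E 08080808:0035 07 00000000:00000000 00:00000000 00000000  1000        0 67890 2 0000000000000000 0
"""
SAMPLE_FDS = [(412, "socket:[12345]"), (412, "/dev/null"),
              (9876, "socket:[67890]"), (9876, "pipe:[555]")]

if __name__ == "__main__":
    main(sys.argv)
```

Run it as `sudo python3 port_owner.py udp 41230` (or with no port to stream every new socket) and match the printed timestamps against the capture. It is still a poll, so a socket that is bound, used and closed between two reads is missed; the auditd and SystemTap routes mentioned in the question hook the bind()/sendto() syscalls themselves and therefore do not have that race.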
