I am looking for a method / hack / kernel module to capture network traffic of a PID and all its forks / child processes.
I have a Firefox application that opens some web pages and starts to stream stuff with Flash streaming, WMV, or any other streaming protocol, as well as "simple" downloads of img, js and other "static" content.
I'm interested in capturing this traffic and ultimately isolating these streams.
Wireshark does not support capturing by a process id, but I assume this can be worked around (and this is the core of my question). Obviously setting up a full virtual machine and running just Firefox with Wireshark in it will work, but I'd be much more satisfied with a lighter-weight solution, perhaps based on chroot combined with the iptables owner module?
So, ideas or complete solutions would be greatly appreciated.
-- EDIT:
People are rightfully guessing the OS I'm working on: the question is mainly pointed towards a Linux OS, but should a workable solution be found on Windows / OpenSolaris / Mac OS X or any other reasonably hacker-accessible OS, that answer would be accepted.
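One lightweight Linux approach in the spirit of the chroot idea above, as an added example that is not part of the original post: put the program and everything it forks into its own network namespace and capture on that namespace's single veth link, so the pcap contains only that process tree. The namespace name, the veth addresses and the uplink interface name are assumptions; it needs root, iproute2, iptables and tcpdump.

```bash
#!/bin/sh
# Added example (not from the original post): run a program, and everything it
# forks, inside its own network namespace, then capture on that namespace's only
# interface so the pcap holds nothing but that process tree's traffic.
# Assumes Linux with iproute2 (ip), iptables and tcpdump, root for "capture",
# and the host's uplink interface name in UPLINK (all assumptions).
set -e
NS="${NS:-pcapns}"              # namespace name (assumed)
UPLINK="${UPLINK:-eth0}"        # host interface with Internet access (assumed)
HOST_IP=10.200.0.1; NS_IP=10.200.0.2   # private /24 for the veth pair (assumed)

# Parent PID of a process; empty if it exited meanwhile (harmless race).
get_ppid() { awk '$1=="PPid:"{print $2; exit}' "/proc/$1/status" 2>/dev/null || true; }

# Print a PID followed by every descendant found under /proc, depth-first.
# Useful for confirming that all of the program's children stayed in the namespace.
pid_descendants() {
    local pid f child
    pid="$1"
    echo "$pid"
    for f in /proc/[0-9]*/status; do
        child="${f#/proc/}"; child="${child%/status}"
        [ "$(get_ppid "$child")" = "$pid" ] && pid_descendants "$child"
    done
    return 0
}

setup_ns() {
    ip netns add "$NS"
    ip link add "veth-$NS" type veth peer name "veth0-$NS"
    ip link set "veth0-$NS" netns "$NS" name veth0
    ip addr add "$HOST_IP/24" dev "veth-$NS"; ip link set "veth-$NS" up
    ip -n "$NS" addr add "$NS_IP/24" dev veth0
    ip -n "$NS" link set veth0 up; ip -n "$NS" link set lo up
    ip -n "$NS" route add default via "$HOST_IP"
    sysctl -qw net.ipv4.ip_forward=1
    iptables -t nat -A POSTROUTING -s "$NS_IP" -o "$UPLINK" -j MASQUERADE
    # DNS inside the namespace is taken from /etc/netns/$NS/resolv.conf if present.
}
teardown_ns() {
    iptables -t nat -D POSTROUTING -s "$NS_IP" -o "$UPLINK" -j MASQUERADE || true
    ip netns del "$NS" || true   # deleting the namespace also removes the veth pair
}
# capture OUT.pcap CMD...: run CMD in the namespace while tcpdump writes OUT.pcap.
capture() {
    out="$1"; shift
    setup_ns; trap teardown_ns EXIT
    tcpdump -i "veth-$NS" -w "$out" & tp=$!
    ip netns exec "$NS" "$@"     # prefix CMD with "sudo -u USER" so it does not run as root
    kill "$tp"; wait "$tp" || true
}
if [ "${1:-}" = capture ]; then shift; capture "$@"; fi
```

Usage: `sudo UPLINK=eth0 ./nscap.sh capture firefox.pcap sudo -u youruser firefox --no-remote`; a host whose FORWARD chain defaults to DROP additionally needs an accept rule for the veth pair, and the resulting pcap can be opened in Wireshark as usual.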