Comment by westurner

18 hours ago

ptcpdump: https://github.com/mozillazg/ptcpdump :

> ptcpdump is a tcpdump-compatible packet analyzer powered by eBPF, automatically annotating packets with process/container/pod metadata when detectable. Inspired by jschwinger233/skbdump.

awesome-ebpf > Tools: https://github.com/zoidyzoidzoid/awesome-ebpf#tools

opensnitch is an egress firewall that displays PIDs: https://github.com/evilsocket/opensnitch

edgeshark: https://github.com/siemens/edgeshark :

> Discover and capture container network traffic from your comfy desktop Wireshark, using a containerized service and a Wireshark plugin.

Looks like it's possible to select containers from a GUI form with edgeshark. Perhaps something similar for process selection?