Network sniffer with application link

Peter Siegrist c88ec5b830 v0.81/si 11 months ago
400px-Terminal_059.png ffac3ca21d first commit 2 years ago
README.md 7e8727b72d v0.80/si 1 year ago
Terminal_059.png ffac3ca21d first commit 2 years ago
sisniff.py c88ec5b830 v0.81/si 11 months ago

README.md

sisniff

A command-line network sniffer showing the application belonging to each packet.

It supports TCP, UDP and ICMP packets.
The sniffer accepts a BPF filter expression, as tcpdump does.

For HTTP connections, there is an argument to show part of its payload.


Under some circumstances the program/PID cannot be evaluated. This is reported as follows:

 "?/?" = No entry in /proc/net/[TCP/UDP/ICMP]
 "-/-" = Found Inode but no PID
 "./." = The Inode found is '0'
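The three markers above come from the two-step lookup that any /proc-based packet-to-process mapping on Linux performs: a packet's address tuple is matched against a row of /proc/net/tcp (or udp/icmp) to obtain a socket inode, and that inode is then matched against the socket:[N] symlinks under /proc/<pid>/fd to obtain the PID and program name. The following is an added example that is not sisniff's own code; it shows the lookup and where each of the three failure cases arises. The /proc/net/tcp rows and the inode-to-process table are constructed sample data, and the rule of falling back to a listening socket (remote 0.0.0.0:0) on the same local port when no exact tuple matches is an assumption of this example, not something the README documents.

```python
import os
import re
import socket
import struct

# Markers used by sisniff (from the README) when a process cannot be resolved.
NO_ENTRY = "?/?"     # no matching row in /proc/net/{tcp,udp,icmp}
NO_PID = "-/-"       # inode found, but no /proc/<pid>/fd link points at it
ZERO_INODE = "./."   # row exists, but its inode column is 0 (e.g. TIME_WAIT)

SOCKET_RE = re.compile(r"socket:\[(\d+)\]")


def parse_addr(hexaddr):
    """Convert '0100007F:0035' (little-endian hex IPv4 + hex port) to ('127.0.0.1', 53)."""
    ip_hex, port_hex = hexaddr.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def parse_proc_net(text):
    """Parse the text of /proc/net/tcp or /proc/net/udp into a list of row dicts."""
    rows = []
    for line in text.splitlines()[1:]:        # first line is the column header
        fields = line.split()
        if len(fields) < 10:
            continue
        rows.append({
            "local": parse_addr(fields[1]),
            "remote": parse_addr(fields[2]),
            "state": fields[3],
            "inode": int(fields[9]),
        })
    return rows


def find_inode(rows, local, remote):
    """Inode of the socket owning a packet: exact 4-tuple first, then (assumption of
    this example) a listening/unbound socket on the same local port. None if no row matches."""
    for r in rows:
        if r["local"] == local and r["remote"] == remote:
            return r["inode"]
    for r in rows:
        if r["local"][1] == local[1] and r["remote"] == ("0.0.0.0", 0):
            return r["inode"]
    return None


def scan_proc_fds(proc="/proc"):
    """Build {inode: (comm, pid)} from the socket:[N] links under /proc/<pid>/fd.
    Reading other users' fd directories requires root; entries you cannot read are skipped,
    which is one way an inode ends up with no PID ("-/-")."""
    table = {}
    for pid in os.listdir(proc):
        if not pid.isdigit():
            continue
        fd_dir = os.path.join(proc, pid, "fd")
        try:
            fds = os.listdir(fd_dir)
        except OSError:
            continue
        for fd in fds:
            try:
                target = os.readlink(os.path.join(fd_dir, fd))
            except OSError:
                continue
            m = SOCKET_RE.fullmatch(target)
            if not m:
                continue
            try:
                with open(os.path.join(proc, pid, "comm")) as f:
                    comm = f.read().strip()
            except OSError:
                comm = "?"
            table[int(m.group(1))] = (comm, int(pid))
    return table


def resolve(rows, fd_table, local, remote):
    """Return 'program/pid' for a packet's local/remote (ip, port) pair, or one of the markers."""
    inode = find_inode(rows, local, remote)
    if inode is None:
        return NO_ENTRY
    if inode == 0:
        return ZERO_INODE
    if inode not in fd_table:
        return NO_PID
    comm, pid = fd_table[inode]
    return f"{comm}/{pid}"


# Constructed sample: a listening sshd on :22, an established curl connection to
# 127.0.0.1:80, and a TIME_WAIT socket whose inode column is 0.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 18234 1 0000000000000000 100 0 0 10 0
   1: 0100007F:9D58 0100007F:0050 01 00000000:00000000 00:00000000 00000000  1000        0 27411 1 0000000000000000 20 4 30 10 -1
   2: 0100007F:9D59 0100007F:0050 06 00000000:00000000 03:00001234 00000000     0        0 0 3 0000000000000000
"""
# Constructed stand-in for scan_proc_fds() output.
SAMPLE_FD_TABLE = {18234: ("sshd", 812), 27411: ("curl", 4471)}

if __name__ == "__main__":
    rows = parse_proc_net(SAMPLE_PROC_NET_TCP)
    print(resolve(rows, SAMPLE_FD_TABLE, ("127.0.0.1", 40280), ("127.0.0.1", 80)))
    print(resolve(rows, SAMPLE_FD_TABLE, ("192.168.1.10", 22), ("10.0.0.5", 51000)))
    print(resolve(rows, SAMPLE_FD_TABLE, ("127.0.0.1", 40281), ("127.0.0.1", 80)))
    print(resolve(rows, SAMPLE_FD_TABLE, ("127.0.0.1", 40282), ("127.0.0.1", 80)))
```

On a live system, replace the sample data with `open("/proc/net/tcp").read()` and `scan_proc_fds()`; note that a short-lived connection can disappear from /proc/net/tcp between the packet arriving and the lookup, which shows up as "?/?", and that a socket held by a process whose fd directory you are not allowed to read shows up as "-/-".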

!! sisniff uses scapy's sniff() function, so scapy package is needed:
!! debian: apt-get install scapy
!! other systems: http://www.secdev.org/projects/scapy

--------------------

# ./sisniff.py -h
usage: sisniff.py [-h] -i {eth0,lo,tun0,wlan0} [-n] [-p program] [-pH] [-pHl]
                  [filter]

sisniff V0.80

positional arguments:
  filter                Filter (BPF syntax) on top of IP (in dbl-quotes "...")

optional arguments:
  -h, --help            show this help message and exit
  -i {eth0,lo,tun0,wlan0}
                        Interface (required)
  -n                    Do not resolve IP-Addresses
  -p program            Filter by program name
  -pH                   Show HTTP Payload
  -pHl                  Show HTTP Payload, long output

--------------------