@@ -9,6 +9,15 @@ The Sniffer accepts some filter like tcpdump.<br>
For HTTP connections, there is an argument to show part of its payload.<br>
+----
+Under some cirumstances the program/PID cannot be evaluated. This would be reported as follow:
+<pre>
+ "?/?" = No entry in /proc/net/[TCP/UDP/ICMP]
+ "-/-" = Found Inode but no PID
+ "./." = The Inode found is '0'
+</pre>
+----
+
<p><i>
!! sisniff uses scapy's sniff() function, so scapy package is needed:<br>
!! debian: apt-get install scapy<br>
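Review bot: the added sentence above the <pre> legend has two typos: "cirumstances" should be "circumstances" and "reported as follow" should be "reported as follows". In the first legend entry, "/proc/net/[TCP/UDP/ICMP]" is written in upper case although it refers to procfs file names, which are lower case (/proc/net/tcp, /proc/net/udp, /proc/net/icmp); writing them that way lets a reader check the path directly. The legend also gives only the internal condition behind each marker ("?/?", "-/-", "./."); a short phrase per marker on what the user should conclude from it, for example whether "-/-" means the owning process could not be read with the current privileges, would make the sniffer output easier to interpret.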