|
|
@@ -1,17 +1,17 @@
|
|
|
sisniff
|
|
|
-------
|
|
|
-
|
|
|
-Sisniff is a network sniffer like tcpdump, which prints out all the packets on a network interface from and to the local computer.<br>
|
|
|
-As a special feature, **for each packet the coresponding application sending or receiving this packet is displayed**.<br>
|
|
|
-With filter options like program name a specific application can be tracked.<br>
|
|
|
+
|
|
|
+Sisniff is a network sniffer like tcpdump, that outputs all packets on a network interface from and to the local computer.<br>
|
|
|
+As a special feature, **the corresponding application that sends or receives each packet is displayed**.<br>
|
|
|
+Filter options can be used to track a specific application.<br>
|
|
|
|
|
|
|
|
|
It supports TCP, UDP and ICMP packets, both on IPv4 and IPv6<br>
|
|
|
-All BPF-Filter on top of IP which can be used by tcpdump are also supported.<br>
|
|
|
+All IP-level BPF-filters that can be used by tcpdump are also supported.<br>
|
|
|
<p>
|
|
|
|
|
|
-For HTTP connections, there is an argument (<code>-H resp. -Hl</code>) to show short or long payload.<br>
|
|
|
-For DOMAIN connections, there is an argument (<code>-D</code>) to show DNS payload.<br>
|
|
|
+For HTTP connections, there are arguments (<code>-H resp. -Hl</code>) to display short or long payloads.<br>
|
|
|
+For DOMAIN connections, there is an argument (<code>-D</code>) to display DNS payload.<br>
|
|
|
|
|
|
Under some cirumstances the program/PID cannot be evaluated. This mavericks would be reported as follow:
|
|
|
<pre>
|
|
|
@@ -36,13 +36,13 @@ Homepage (german): https://wiki.zweiernet.ch/wiki/sisniff
|
|
|
|
|
|
Direct Download: `wget https://git.zweiernet.ch/sigi/sisniff/raw/master/sisniff`
|
|
|
|
|
|
-Recent Version is 1.6.1
|
|
|
+Recent Version is 1.7.0
|
|
|
|
|
|
|
|
|
<pre>
|
|
|
--------------------
|
|
|
# sisniff -h
|
|
|
-usage: sisniff [-h] -i {eth0,lo,wlan0} [-n] [-P] [-p program|not-program] [-4] [-6] [-H] [-Hl] [-D] [filter]
|
|
|
+usage: sisniff [-h] -i {eth0,lo,wlan0} [-n] [-P] [-p program|not-program] [-4] [-6] [-H] [-Hl] [-D] ["filter"]
|
|
|
|
|
|
sisniff V1.7
|
|
|
2017-2026 by sigi <https://wiki.zweiernet.ch/wiki/sisniff>
|
|
|
@@ -69,7 +69,7 @@ optional arguments:
|
|
|
* <code>program</code> is meant the base name of the program/application, e.g. <code>-p thunderbird-bin</code>
|
|
|
* <code>program</code> can contain '*' pattern at the beginning and/or the end, e.g. <code>-p thunder*</code>
|
|
|
* <code>not-program</code> excludes the program from beeing showed, e.g. <code>not-thunderbird-bin</code>. The '*' pattern also is accepted.
|
|
|
-* <code>filter</code> is in same syntax as tcpdump uses. Must be written in double-quotes "..."
|
|
|
+* <code>filter</code> is BPF-filter syntax as used by tcpdump. Must be written in double-quotes "..."
|
|
|
|
|
|
|
|
|
##### Example Commands
|
