|
@@ -1,6 +1,6 @@
|
|
|
#!/usr/bin/env python
|
|
|
|
|
|
-# (c) 2017-2019 by Siegrist(SystemLoesungen) <PSS@ZweierNet.ch>
|
|
|
+# (c) 2017-2022 by Siegrist(SystemLoesungen) <PSS@ZweierNet.ch>
|
|
|
#
|
|
|
# All Rights reserved.
|
|
|
# This program is free software; you can redistribute it and/or
|
|
@@ -35,7 +35,7 @@ def _to_str(inp):
|
|
|
return "".join( chr(x) for x in inp)
|
|
|
|
|
|
|
|
|
-VERSION = "1.00"
|
|
|
+VERSION = "1.1"
|
|
|
|
|
|
PROC_TCP4 = "/proc/net/tcp"
|
|
|
PROC_UDP4 = "/proc/net/udp"
|
|
@@ -300,7 +300,7 @@ def doPackets(packet):
|
|
|
spid,sexe,suid = get_conn_info(packet[0][1].proto, conn_addr, conn_port, packet[0][1].version)
|
|
|
elif packet[0][1].version == 6:
|
|
|
spid,sexe,suid = get_conn_info(packet[0][1].nh, conn_addr, conn_port, packet[0][1].version)
|
|
|
- if re.match("^[0-9]+$", spid):
|
|
|
+ if re.match("[0-9]+$", spid):
|
|
|
program = sexe
|
|
|
pid = spid
|
|
|
uid = suid
|
|
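Review bot: Dropping `^` on the changed `re.match` line changes nothing, because `re.match` already anchors at the start of `spid`. The remaining `$` also matches just before a trailing newline, so a value such as `"123\n"` is still accepted as a PID. If `spid` is meant to be strictly decimal, `if re.match(r"[0-9]+\Z", spid):` states that exactly. `doPackets` starts and ends outside this hunk, so what `get_conn_info` can return for `spid` is not visible here.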
@@ -329,10 +329,23 @@ def doPackets(packet):
|
|
|
pass
|
|
|
else:
|
|
|
if filter_prog.startswith('not-'):
|
|
|
- if program == filter_prog[4:]:
|
|
|
+ filter_progn = filter_prog[4:]
|
|
|
+ if filter_progn.startswith('*') and filter_progn.endswith('*') and re.match(filter_progn[1:-1], program):
|
|
|
+ return
|
|
|
+ elif filter_progn.startswith('*') and not filter_progn.endswith('*') and re.match(filter_progn[1:]+'$', program):
|
|
|
+ return
|
|
|
+ elif not filter_progn.startswith('*') and filter_progn.endswith('*') and re.match('^'+filter_progn[:-1], program):
|
|
|
+ return
|
|
|
+ elif not filter_progn.startswith('*') and not filter_progn.endswith('*') and re.match('^'+filter_progn+'$', program):
|
|
|
return
|
|
|
else:
|
|
|
- if program != filter_prog:
|
|
|
+ if filter_prog.startswith('*') and filter_prog.endswith('*') and not re.match(filter_prog[1:-1], program):
|
|
|
+ return
|
|
|
+ elif filter_prog.startswith('*') and not filter_prog.endswith('*') and not re.match(filter_prog[1:]+'$', program):
|
|
|
+ return
|
|
|
+ elif not filter_prog.startswith('*') and filter_prog.endswith('*') and not re.match('^'+filter_prog[:-1], program):
|
|
|
+ return
|
|
|
+ elif not filter_prog.startswith('*') and not filter_prog.endswith('*') and not re.match('^'+filter_prog+'$', program):
|
|
|
return
|
|
|
|
|
|
|
|
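Review bot: `re.match` only matches at the start of `program`, so the added `*name*` and `*name` branches (in both the `not-` arm and the plain arm) do not do substring or suffix matching; `*fox` is tested as `fox$` from position 0 and will not match `firefox`. The `-p` value is also concatenated into the pattern without `re.escape`, so `.` or `+` in a program name is read as regex syntax, a `*` in the middle becomes a quantifier, and a malformed value raises `re.error` inside the packet handler. For a capture filter this means traffic can be shown or hidden for processes the operator did not name. Translating the glob into an escaped, fully anchored pattern replaces the eight branches, and the `-p` help text in the last hunk should then say that `*` matches any run of characters. `doPackets` begins and ends outside this hunk, and the pattern could presumably be built once where the arguments are parsed rather than per packet.

```python
# … unchanged: preceding filter_prog branch ending in `pass`, then `else:` …
negate = filter_prog.startswith('not-')
glob = filter_prog[4:] if negate else filter_prog
# Escape everything except '*', which becomes "any run of characters".
pattern = '.*'.join(re.escape(part) for part in glob.split('*'))
matched = re.match(pattern + r'\Z', program) is not None
if matched == negate:
    return
```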
@@ -446,11 +459,11 @@ iface_list = ifaces.split('\n')
|
|
|
rfilter = "ip or ip6"
|
|
|
print("")
|
|
|
# commandline params
|
|
|
-parser = argparse.ArgumentParser(description='sisniff V'+VERSION+"\n2017-2019 by sigi <https://wiki.zweiernet.ch/wiki/sisniff>",
|
|
|
+parser = argparse.ArgumentParser(description='sisniff V'+VERSION+"\n2017-2022 by sigi <https://wiki.zweiernet.ch/wiki/sisniff>",
|
|
|
formatter_class=argparse.RawDescriptionHelpFormatter)
|
|
|
parser.add_argument('-i', help="Interface (required)", choices=iface_list, required=True)
|
|
|
parser.add_argument('-n', help="Do not resolve IP-Addresses", action="store_true")
|
|
|
-parser.add_argument('-p', help='Filter by program name ([not-] negates)', type=str, metavar='program|not-program')
|
|
|
+parser.add_argument('-p', help='Filter by program name (accepts * for matching) ([not-] negates)', type=str, metavar='program|not-program')
|
|
|
parser.add_argument('-4', dest='v4', help="Only IPv4", action="store_true")
|
|
|
parser.add_argument('-6', dest='v6', help="Only IPv6", action="store_true")
|
|
|
parser.add_argument('-pH', help="Show HTTP Payload", action="store_true")
|