v0.80/si:

- -p and -pHl arguments added
- some speed-ups

sisniff.py

@@ -14,7 +14,7 @@ import struct
 import commands
 import argparse
 
-VERSION = "0.76"
+VERSION = "0.80"
 
 PROC_TCP4 = "/proc/net/tcp"
 PROC_UDP4 = "/proc/net/udp"
@@ -37,6 +37,7 @@ nostate = set(['04','05','06''07','08','09','0C','0D'])
 tcp_payload_hdrs = ['GET|POST|HTTP|HEAD|PUT|PATCH|DELETE|TRACE|OPTIONS|CONNECT']
 numeric = False
 payloadH = False
+payloadHl = False
 fillter = ""
 
 def get_conn_info(proto,hosts,ports):
@@ -267,6 +268,9 @@ def doPackets(packet):
             renew = conn_cache.pop(indx)
             conn_cache.append(renew)
         
+    if program != filter_prog:
+        return
+        
     
     o_payload = ""
     if packet.haslayer(UDP):
@@ -294,10 +298,14 @@ def doPackets(packet):
         flags = packet[0].sprintf('%3s,TCP.flags%')
         if payloadH == True:
             if packet.haslayer(Raw):
-                tpld = packet[0].sprintf('%TCP.payload%')
+                #tpld = packet[0].sprintf('%TCP.payload%')
+                tpld = packet[0][TCP].load
                 if re.match("^GET|POST|HTTP|HEAD|PUT|PATCH|DELETE|TRACE|OPTIONS|CONNECT.*", tpld[0:8]):
-                    request_line, gaga = tpld.split('\r\n', 1)
-                    o_payload = str(request_line)
+                    if payloadHl == True:
+                        o_payload = str(tpld)
+                    else:
+                        request_line, gaga = tpld.split('\r\n', 1)
+                        o_payload = str(request_line)
                     #o_payload = tpld[0:20]
     elif packet.haslayer(ICMP):
         o_proto = "ICMP"
@@ -325,7 +333,8 @@ def doPackets(packet):
                 rem_name = _resolve_ip(packet[0][1].dst)
         else:
             rem_name = packet[0][1].dst
-            
+
+        #return "\033[1m "+str(packet[0].time)+" "+str(program)+"\033[0m" +"/"+ str(pid) + " - " + o_proto + ": " + packet[0][1].src + ":" + o_sport + "\033[1m\033[31m  ->>>  \033[0m" + rem_name + ":" + o_dport + " " + flags + " Len:" + str(packet[0][1].len) + " : " + o_payload          
         return "\033[1m"+str(program)+"\033[0m" +"/"+ str(pid) + " - " + o_proto + ": " + packet[0][1].src + ":" + o_sport + "\033[1m\033[31m  ->>>  \033[0m" + rem_name + ":" + o_dport + " " + flags + " Len:" + str(packet[0][1].len) + " : " + o_payload
     else:
         if numeric == False:
@@ -357,9 +366,11 @@ iface_list = ifaces.split('\n')
 print
 # commandline params
 parser = argparse.ArgumentParser(description='sisniff V'+VERSION)
-parser.add_argument('-i', help="Interface (mandatory)", choices=iface_list, required=True)
+parser.add_argument('-i', help="Interface (required)", choices=iface_list, required=True)
 parser.add_argument('-n', help="Do not resolve IP-Addresses", action="store_true")
+parser.add_argument('-p', help="Filter by program name", type=str, metavar='program')
 parser.add_argument('-pH', help="Show HTTP Payload", action="store_true")
+parser.add_argument('-pHl', help="Show HTTP Payload, long output", action="store_true")
 parser.add_argument('filter', nargs='?', help="Filter (BPF syntax) on top of IP (in dbl-quotes \"...\")", type=str)
 args = parser.parse_args()
 iface = args.i
@@ -367,9 +378,15 @@ if args.n:
     numeric = True
 if args.pH:
     payloadH = True
+if args.pHl:
+    payloadH = True
+    payloadHl = True
 if args.filter:
     fillter = " and (" + args.filter + ")"
     print "> Applying Filter: \"ip" + fillter + "\"" 
+if args.p:
+    filter_prog = args.p
+    
 
 # local addresses 
 MYADDRS = _remove_empty([os.popen('ip addr show '+iface).read().split("inet ")[1].split("/")[0]])