Network sniffer with application link
Peter Siegrist
1dff384827
Update README.md
|
6 years ago | |
|---|---|---|
| 400px-Terminal_059.png | 6 years ago | |
| README.md | 6 years ago | |
| Terminal_059.png | 6 years ago | |
| sisniff.py | 6 years ago |
README.md
sisniff
A commandline network sniffer showing the applications belonging to each packet.
It supports TCP, UDP and ICMP packets.
The Sniffer accepts some filter like tcpdump.
For HTTP connections, there is an argument to show part of its payload.
Under some cirumstances the program/PID cannot be evaluated. This would be reported as follow:
"?/?" = No entry in /proc/net/[TCP/UDP/ICMP] "-/-" = Found Inode but no PID "./." = The Inode found is '0'
!! sisniff uses scapy's sniff() function, so scapy package is needed:
!! debian: apt-get install scapy
!! other systems: http://www.secdev.org/projects/scapy
--------------------
# ./sisniff.py -h
usage: sisniff.py [-h] -i {eth0,lo,tun0,wlan0} [-n] [-pH] [filter]
positional arguments:
filter Pcap filter (BPF syntax) on top of IP (in dbl-quotes "...")
optional arguments:
-h, --help show this help message and exit
-i {eth0,lo,tun0,wlan0}
Interface (mandatory)
-n Do not resolve IP-Addresses
-pH Show HTTP Payload
--------------------