See which processes make remote network connections
Detailed description of the picosnitch Python project
picosnitch
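- Monitors your system and notifies you the first time a program makes a remote network connection (while picosnitch has been running)
- Logs and config are stored in ~/.config/picosnitch/snitch.json
- Polls connections and processes every 0.2s by default
- Optionally uses Scapy to sniff all traffic for new connections, for improved reliability
- Inspired by programs such as:
  - GlassWire
  - Little Snitch
  - OpenSnitch
  - simplewall
  - tinysnitch
- picosnitch only provides monitoring and notification functionality; for features such as a GUI, bandwidth tracking, firewall configuration or filtering, see the programs above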
Getting started
Linux
- Install from PyPI with
    pip3 install picosnitch --upgrade --user
- Optionally install Scapy
  - You should be able to install scapy or python3-scapy using your distribution's package manager
  - https://scapy.readthedocs.io/en/latest/installation.html
- Run with
    picosnitch
- Or run the daemon as root to use Scapy
    sudo -E python3 -m picosnitch
Windows
- Install from PyPI with
    pip install picosnitch --upgrade
- Optionally install Scapy
- Run with
    picosnitch
- If you use Scapy, you may need to run it as administrator
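Building from source
- Install from source using Python 3 with
    python setup.py install --user
- Required dependencies (installed automatically from PyPI during installation if not already present)
    filelock plyer psutil python-daemon
- Optional dependencies (must be installed manually)
    scapy
- picosnitch.py can also be run directly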
Configuration
- Stored in ~/.config/picosnitch/snitch.json
- If picosnitch is currently running, terminate it before making any edits, otherwise your changes will be lost
{
  "Config": {
    "Enable pcap": false, # bool, use Scapy to sniff traffic
    "Polling interval": 0.2, # float in seconds
    "Remote address unlog": [80, "firefox"] # list of process names (str) or remote ports (int)
    # will omit connections that match any of these from the log of remote addresses to avoid clutter
    # the process and executable will still be logged if it has not been already
  },
  "Errors": [], # Log of errors by time
  "Latest Entries": [], # Log of entries by time
  "Names": {}, # Log of processes by name containing respective executable(s)
  "Processes": {}, # Log of processes by executable containing:
  # cmdlines, days seen, first seen, last seen, name, ports, remote addresses
  # some cmdlines are consolidated using * as a wildcard, ports are remote ports
  "Remote Addresses": {} # Log of remote addresses containing respective executable(s)
  # and packet summaries if pcap is enabled and process was too short lived for detection via polling
  # some packet summaries are consolidated using * as a wildcard
}
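The "Remote address unlog" rule hides only the remote-address detail; a new executable is still recorded and reported even when its name or port is on the list. The following is an added example that models that behaviour and is not picosnitch's own code. The record layout, the function names (is_unlogged, add_unique, update_log, run_demo) and the sample connections are assumptions constructed for illustration.

```python
import json

def is_unlogged(name, port, unlog):
    """True if a connection matches any "Remote address unlog" entry."""
    for entry in unlog:
        if isinstance(entry, str) and entry == name:   # str = process name
            return True
        if type(entry) is int and entry == port:       # int = remote port
            return True
    return False

def add_unique(lst, item):
    if item not in lst:
        lst.append(item)

def update_log(snitch, conn):
    """Record one observed connection; return True when the executable is new."""
    exe, name, ip, port = conn["exe"], conn["name"], conn["ip"], conn["port"]
    is_new = exe not in snitch["Processes"]
    proc = snitch["Processes"].setdefault(
        exe, {"name": name, "ports": [], "remote addresses": []})
    add_unique(snitch["Names"].setdefault(name, []), exe)
    # The unlog rule suppresses only the remote-address detail, never the process.
    if not is_unlogged(name, port, snitch["Config"]["Remote address unlog"]):
        add_unique(proc["ports"], port)
        add_unique(proc["remote addresses"], ip)
        add_unique(snitch["Remote Addresses"].setdefault(ip, []), exe)
    return is_new

def run_demo():
    snitch = {"Config": {"Enable pcap": False, "Polling interval": 0.2,
                         "Remote address unlog": [80, "firefox"]},
              "Errors": [], "Latest Entries": [], "Names": {},
              "Processes": {}, "Remote Addresses": {}}
    # Constructed observations (documentation-range IPs), not real log data.
    observed = [
        {"exe": "/usr/lib/firefox/firefox", "name": "firefox", "ip": "192.0.2.10", "port": 443},
        {"exe": "/usr/bin/curl", "name": "curl", "ip": "198.51.100.7", "port": 80},
        {"exe": "/usr/bin/curl", "name": "curl", "ip": "198.51.100.7", "port": 8443},
        {"exe": "/home/user/Downloads/firefox", "name": "firefox", "ip": "203.0.113.5", "port": 8080},
    ]
    notified = [c["exe"] for c in observed if update_log(snitch, c)]
    return snitch, notified

if __name__ == "__main__":
    state, notified = run_demo()
    print("notify:", notified)
    print(json.dumps(state["Remote Addresses"], indent=2))
```

When reviewing a log with name-based unlog entries, check "Names" for a process name that maps to more than one executable, since the remote addresses of every executable with that name are omitted.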