switches the selected (or auto-detected) network interface into “promiscuous” mode and monitors the network traffic visible to that interface, collecting data on TCP-protocol network connections to the destination port(s) selected on the command line. Alternatively, packets may be read from a local packet-dump file created by ‘tcpdump’, or from a pipe from ‘tcpdump’.
At least one port must be specified. A ‘+’ prefix on a port number means to monitor traffic in both directions on connections to that port. When a new network connection to a selected port is detected (SYN packet), starts collecting data for that connection. Once the connection terminates (FIN or RST packet), or times out or exceeds the maximum data collection threshold, the data collected during the duration of the connection is printed to stdout, together with the connection’s relevant statistics: hosts and ports involved, time-stamps, packet counts, bytes, and the reason for data-collection termination.
git clone https://github.com/juphoff/issniff && cd issniff
gmake / make