1 files changed, 12 insertions, 8 deletions
diff --git a/README.md b/README.md
index fcf92f56a..31a20a951 100644
--- a/README.md
+++ b/README.md
@@ -298,19 +298,23 @@ INTRUSION DETECTION SYSTEM (IDS)
 ### Network Monitor
 `````
-       --nettrace=name|pid
+        --nettrace=name|pid
              Monitor TCP and UDP traffic coming into the sandbox specified by
              name or pid. Only networked sandboxes  created  with  --net  are
              supported.
              $ firejail --nettrace=browser
-              9.9.9.9:53              =>      192.168.1.60    UDP: 122 B/sec
+                 86 KB/s *********           64.222.84.207:443 United States
-              72.21.91.29:80          =>      192.168.1.60    TCP: 257 B/sec
+                 76 KB/s ********            192.229.210.163:443 MCI
-              80.92.126.65:123        =>      192.168.1.60    UDP: 25 B/sec
+                111 B/s                      9.9.9.9:53 Quad9 DNS
-              69.30.241.50:443        =>      192.168.1.60    TCP: 88 KB/sec
+                 32 KB/s ***                 142.250.179.182:443 Google
-              140.82.112.4:443        =>      192.168.1.60    TCP: 1861 B/sec
+              If  /usr/bin/geoiplookup  is  installed (geoip-bin packet in De‐
-              (14 streams in the last one minute)
+              bian), the country the IP address originates from  is  added  to
+              the trace.  We also use the static IP map in /etc/firejail/host‐
+              names to print the domain names for some of the more common web‐
+              sites  and  cloud platforms.  No external services are contacted
+              for reverse IP lookup.
 `````

diff --git a/README.md b/README.md index fcf92f56a..31a20a951 100644 --- a/README.md +++ b/README.md
@@ -298,19 +298,23 @@ INTRUSION DETECTION SYSTEM (IDS)
298		298
299	### Network Monitor	299	### Network Monitor
300	`````	300	`````
301	--nettrace=name\|pid	301	--nettrace=name\|pid
302	Monitor TCP and UDP traffic coming into the sandbox specified by	302	Monitor TCP and UDP traffic coming into the sandbox specified by
303	name or pid. Only networked sandboxes created with --net are	303	name or pid. Only networked sandboxes created with --net are
304	supported.	304	supported.
305		305
306	$ firejail --nettrace=browser	306	$ firejail --nettrace=browser
307	9.9.9.9:53 => 192.168.1.60 UDP: 122 B/sec	307	86 KB/s ********* 64.222.84.207:443 United States
308	72.21.91.29:80 => 192.168.1.60 TCP: 257 B/sec	308	76 KB/s ******** 192.229.210.163:443 MCI
309	80.92.126.65:123 => 192.168.1.60 UDP: 25 B/sec	309	111 B/s 9.9.9.9:53 Quad9 DNS
310	69.30.241.50:443 => 192.168.1.60 TCP: 88 KB/sec	310	32 KB/s *** 142.250.179.182:443 Google
311	140.82.112.4:443 => 192.168.1.60 TCP: 1861 B/sec	311
312		312	If /usr/bin/geoiplookup is installed (geoip-bin packet in De‐
313	(14 streams in the last one minute)	313	bian), the country the IP address originates from is added to
		314	the trace. We also use the static IP map in /etc/firejail/host‐
		315	names to print the domain names for some of the more common web‐
		316	sites and cloud platforms. No external services are contacted
		317	for reverse IP lookup.
314		318
315	`````	319	`````
316		320