From 111b011be499aade296d2064e7326d05c23b0d12 Mon Sep 17 00:00:00 2001 From: eric Date: Sat, 18 Nov 2023 20:33:06 -0500 Subject: [PATCH] update readme --- README.md | 3 ++- docs/index.md | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 193825d..5ff5212 100644 --- a/README.md +++ b/README.md @@ -8,7 +8,8 @@ - 📈 Monitors your bandwidth, breaking down traffic by executable, hash, parent, domain, port, or user over time - 🌍 Web and terminal interfaces with GeoIP lookups for each connection ([IP Geolocation by DB-IP](https://db-ip.com)) - 🛡️ Can optionally check hashes or executables using [VirusTotal](https://www.virustotal.com) -- 🚀 Executable hashes are cached based on device + inode for improved performance, and works with applications running inside containers +- 🚀 Executable hashes are cached based on device + inode for improved performance +- 🐳 Detects applications running inside containers, multiple versions of the same app are differentiated based on their hash - 🕵️ Uses [BPF](https://ebpf.io/) for [accurate, low overhead bandwidth monitoring](https://www.gcardone.net/2020-07-31-per-process-bandwidth-monitoring-on-Linux-with-bpftrace/) and [fanotify](https://man7.org/linux/man-pages/man7/fanotify.7.html) to watch executables for modification - 👨‍👦 Since applications can call others to send/receive data for them, the parent executable and hash is also logged for each connection - 🧰 Pragmatic and minimalist design focusing on [accurate detection with clear and reliable error reporting when it isn't possible](#limitations) diff --git a/docs/index.md b/docs/index.md index 193825d..5ff5212 100644 --- a/docs/index.md +++ b/docs/index.md 
@@ -8,7 +8,8 @@ - 📈 Monitors your bandwidth, breaking down traffic by executable, hash, parent, domain, port, or user over time - 🌍 Web and terminal interfaces with GeoIP lookups for each connection ([IP Geolocation by DB-IP](https://db-ip.com)) - 🛡️ Can optionally check hashes or executables using [VirusTotal](https://www.virustotal.com) -- 🚀 Executable hashes are cached based on device + inode for improved performance, and works with applications running inside containers +- 🚀 Executable hashes are cached based on device + inode for improved performance +- 🐳 Detects applications running inside containers, multiple versions of the same app are differentiated based on their hash - 🕵️ Uses [BPF](https://ebpf.io/) for [accurate, low overhead bandwidth monitoring](https://www.gcardone.net/2020-07-31-per-process-bandwidth-monitoring-on-Linux-with-bpftrace/) and [fanotify](https://man7.org/linux/man-pages/man7/fanotify.7.html) to watch executables for modification - 👨‍👦 Since applications can call others to send/receive data for them, the parent executable and hash is also logged for each connection - 🧰 Pragmatic and minimalist design focusing on [accurate detection with clear and reliable error reporting when it isn't possible](#limitations)
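Review bot: In the README.md hunk, the added 🐳 bullet joins two independent clauses with a comma ("Detects applications running inside containers, multiple versions of the same app are differentiated based on their hash"); use a semicolon or "and" there. Since the bullet above it says hashes are cached by device + inode, it would also help to say in that bullet what is being compared when versions are told apart (executable name, path, or hash alone), so a reader knows what a separate entry in the output means for a containerized app.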
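Review bot: The docs/index.md hunk repeats the README.md hunk line for line, and both files show the same index line (193825d..5ff5212), so the feature list is maintained as two identical copies edited by hand. Consider generating docs/index.md from README.md, or symlinking it, so the two cannot drift apart; the subject "update readme" should also mention that docs/index.md changes in the same commit.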