Difference between revisions of "Ngrep"

From Christoph's Personal Wiki
Revision as of 19:15, 7 May 2014

ngrep strives to provide most of GNU grep's common features, applying them to the network layer. ngrep is a pcap-aware tool that will allow you to specify extended regular or hexadecimal expressions to match against data payloads of packets. It currently recognizes IPv4/6, TCP, UDP, ICMPv4/6, IGMP and Raw across Ethernet, PPP, SLIP, FDDI, Token Ring and null interfaces, and understands BPF filter logic in the same fashion as more common packet sniffing tools, such as tcpdump and snoop. It was written by Jordan Ritter.

Usage

Note: See here for detailed examples.

  • Example: Basic Packet Sniffing
ngrep -d any port 25
ngrep -d any 'error' port syslog
ngrep -wi -d any 'user|pass' port 21
  • Example: Debugging HTTP interactions
ngrep port 80
ngrep -W byline port 80
  • Example: Processing PCAP dump files, looking for patterns
ngrep -O /tmp/dns.dump -d any -T port domain
ngrep -w 'm' -I /tmp/dns.dump
ngrep -tD ns3 -I /tmp/dns.dump
ngrep -I /tmp/dns.dump port 80
  • Monitor all traffic not going over port 22 (i.e., SSH):
ngrep not port 22 | strings -n 8
  • Monitor all traffic coming from a certain host:
ngrep host 192.168.0.103
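To make concrete what the description and the usage examples above are doing (a regular expression matched against the transport payload of each packet taken from a pcap, combined with a port filter and ngrep's byline rendering), here is an added Python example. It is not part of this wiki page and not code from ngrep itself. It decodes a classic libpcap file through Ethernet/IPv4 down to TCP or UDP, then applies the same kind of filter as `ngrep 'error' port syslog` and `ngrep -W byline port 80`. The pcap bytes, addresses and payloads are constructed inside the script, and the function names (parse_pcap, grep_packets) are this example's own.

```python
"""Minimal ngrep-style payload matcher over an in-memory pcap (added example)."""
import re
import struct
from typing import List, NamedTuple, Optional

PCAP_MAGIC = 0xA1B2C3D4        # classic libpcap, microsecond timestamps
ETH_IPV4 = 0x0800
PROTO_TCP, PROTO_UDP = 6, 17


class Packet(NamedTuple):
    ts: float
    proto: str      # "T" for TCP, "U" for UDP, as ngrep prints them
    src: str
    sport: int
    dst: str
    dport: int
    payload: bytes


def _frame(src_ip, dst_ip, proto, sport, dport, payload):
    """Build one Ethernet/IPv4/{TCP,UDP} frame. Constructed test data; checksums left zero."""
    if proto == PROTO_TCP:
        # sport, dport, seq, ack, data offset (5 words), flags PSH|ACK, window, csum, urg
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    else:
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    total = 20 + len(l4) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 1, 0, 64, proto, 0,
                     bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split("."))))
    eth = b"\x00" * 12 + struct.pack("!H", ETH_IPV4)
    return eth + ip + l4 + payload


def build_pcap(frames, base_ts=1399490100):
    """Wrap raw frames in a classic pcap file (LINKTYPE_ETHERNET), one second apart."""
    out = struct.pack("=IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("=IIII", base_ts + i, 0, len(f), len(f)) + f
    return out


def parse_pcap(data: bytes) -> List[Packet]:
    """Decode Ethernet -> IPv4 -> TCP/UDP records and return their payloads."""
    magic, = struct.unpack_from("=I", data, 0)
    if magic != PCAP_MAGIC:
        raise ValueError("only native-endian classic pcap is handled in this example")
    pos, packets = 24, []
    while pos + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _ = struct.unpack_from("=IIII", data, pos)
        frame = data[pos + 16:pos + 16 + incl_len]
        pos += 16 + incl_len
        if len(frame) < 34 or struct.unpack_from("!H", frame, 12)[0] != ETH_IPV4:
            continue                       # not IPv4 over Ethernet: skipped here
        ihl = (frame[14] & 0x0F) * 4
        proto = frame[23]
        src = ".".join(map(str, frame[26:30]))
        dst = ".".join(map(str, frame[30:34]))
        l4 = frame[14 + ihl:]
        if proto == PROTO_TCP:
            sport, dport = struct.unpack_from("!HH", l4, 0)
            payload, name = l4[(l4[12] >> 4) * 4:], "T"
        elif proto == PROTO_UDP:
            sport, dport = struct.unpack_from("!HH", l4, 0)
            payload, name = l4[8:], "U"
        else:
            continue
        packets.append(Packet(ts_sec + ts_usec / 1e6, name, src, sport, dst, dport, payload))
    return packets


def _render(payload: bytes, byline: bool) -> str:
    """Default ngrep output shows non-printables as '.'; -W byline keeps line breaks."""
    out = []
    for b in payload:
        if 0x20 <= b < 0x7F:
            out.append(chr(b))
        elif byline and b == 0x0A:
            out.append("\n  ")
        elif byline and b == 0x0D:
            continue
        else:
            out.append(".")
    return "".join(out)


def grep_packets(packets: List[Packet], pattern: str, port: Optional[int] = None,
                 ignore_case: bool = False, byline: bool = False,
                 timestamp: bool = False) -> List[str]:
    """Regex against each payload, with 'port N' filtering and -i / -W byline / -t style output."""
    rx = re.compile(pattern.encode(), re.IGNORECASE if ignore_case else 0)
    hits = []
    for p in packets:
        if port is not None and port not in (p.sport, p.dport):
            continue
        if not rx.search(p.payload):
            continue
        head = f"{p.proto} {p.src}:{p.sport} -> {p.dst}:{p.dport}"
        if timestamp:
            head = f"{p.ts:.6f} " + head
        hits.append(head + "\n  " + _render(p.payload, byline))
    return hits


# Constructed sample capture: an HTTP request, a syslog message, and opaque bytes on port 22.
SAMPLE_PCAP = build_pcap([
    _frame("192.168.0.103", "10.0.0.5", PROTO_TCP, 51234, 80,
           b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    _frame("10.0.0.7", "10.0.0.5", PROTO_UDP, 40000, 514,
           b"<35>May  7 19:15:00 web01 disk: error: /var full"),
    _frame("192.168.0.103", "10.0.0.5", PROTO_TCP, 51235, 22, bytes(range(0x80, 0xA0))),
])

if __name__ == "__main__":
    pk = parse_pcap(SAMPLE_PCAP)
    for hit in grep_packets(pk, "error", port=514):                  # ngrep 'error' port syslog
        print(hit)
    for hit in grep_packets(pk, "GET|Host", port=80, byline=True):   # ngrep -W byline port 80
        print(hit)
```

The point worth noticing is that the regex runs only on the bytes after the transport header, which is why the opaque payload on port 22 never matches a text pattern, and why the port filter is applied before the regex rather than after: on a busy link that ordering is what keeps the matcher cheap.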

See also

  • nmap — network exploration tool and security scanner[1]
  • tcpdump — dump traffic on a network[2]
  • snoop — capture and inspect network packets
  • netcat (aka nc) — a featured networking utility which reads and writes data across network connections, using the TCP/IP protocol.[3]
  • Netfilter
  • NetCalc
  • Whois
  • Nagios — an Open Source host, service, and network monitoring program.
  • Wireshark — network protocol analyser
  • flowgrep — a basic IDS/IPS tool written in Python as a way to help you investigate and manage your network.

External links