Ngrep

From Christoph's Personal Wiki
Revision as of 03:11, 24 March 2007 by Christoph (Talk | contribs)


ngrep strives to provide most of GNU grep's common features, applying them to the network layer. ngrep is a pcap-aware tool that will allow you to specify extended regular or hexadecimal expressions to match against data payloads of packets. It currently recognizes IPv4/6, TCP, UDP, ICMPv4/6, IGMP and Raw across Ethernet, PPP, SLIP, FDDI, Token Ring and null interfaces, and understands BPF filter logic in the same fashion as more common packet sniffing tools, such as tcpdump and snoop. It was written by Jordan Ritter.

Usage

Note: See here for detailed examples.

  • Example: Basic Packet Sniffing
      ngrep -d any port 25
      ngrep -d any 'error' port syslog
      ngrep -wi -d any 'user|pass' port 21
  • Example: Debugging HTTP interactions
      ngrep port 80
      ngrep -W byline port 80
  • Example: Processing PCAP dump files, looking for patterns
      ngrep -O /tmp/dns.dump -d any -T port domain
      ngrep -w 'm' -I /tmp/dns.dump
      ngrep -tD ns3 -I /tmp/dns.dump
      ngrep -I /tmp/dns.dump port 80
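As an added illustration (not part of this page and not ngrep's own code), the script below shows what a call like `ngrep -wi -I file.pcap 'user|pass' port 21` does underneath: walk a pcap file, pull the TCP payload out of each IPv4 frame, apply a port filter, and regex-match the payload. The pcap it reads is constructed inline from a few FTP and HTTP packets; -w is approximated with word-boundary anchors and -i with case-insensitive matching.

```python
# Added illustration of what ngrep does under the hood, not ngrep's own code:
# regex-match TCP payloads in a pcap, like `ngrep -wi -I file.pcap 'user|pass' port 21`.
import re
import struct

def build_pcap(frames):
    """Wrap raw Ethernet frames in a classic little-endian pcap file (linktype 1)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1_000_000 + i, 0, len(f), len(f)) + f
    return out

def tcp_frame(sport, dport, payload):
    """Constructed Ethernet/IPv4/TCP frame; checksums are zero (not checked here)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])) + tcp
    return b"\x00" * 12 + b"\x08\x00" + ip          # zero MACs, EtherType IPv4

def tcp_payloads(pcap):
    """Yield (src_port, dst_port, payload) for each IPv4/TCP packet in the pcap."""
    endian = "<" if pcap[:4] == b"\xd4\xc3\xb2\xa1" else ">"
    off = 24                                        # skip the global header
    while off + 16 <= len(pcap):
        caplen = struct.unpack(endian + "IIII", pcap[off:off + 16])[2]
        frame, off = pcap[off + 16:off + 16 + caplen], off + 16 + caplen
        if frame[12:14] != b"\x08\x00":
            continue                                # not IPv4
        ip = frame[14:]
        ihl, total = (ip[0] & 0x0F) * 4, struct.unpack("!H", ip[2:4])[0]
        if ip[9] != 6:
            continue                                # not TCP
        l4 = ip[ihl:total]
        sport, dport = struct.unpack("!HH", l4[:4])
        yield sport, dport, l4[(l4[12] >> 4) * 4:]

def ngrep_like(pcap, pattern, port, word=True, ignore_case=True):
    """-w approximated with word-boundary anchors, -i with IGNORECASE, 'port N' as the BPF-style filter."""
    if word:
        pattern = r"\b(?:" + pattern + r")\b"
    rx = re.compile(pattern.encode(), re.IGNORECASE if ignore_case else 0)
    return [p for s, d, p in tcp_payloads(pcap) if port in (s, d) and rx.search(p)]

SAMPLE = build_pcap([                               # constructed traffic, not a real capture
    tcp_frame(40000, 21, b"USER alice\r\n"),
    tcp_frame(21, 40000, b"331 Password required\r\n"),
    tcp_frame(40000, 21, b"PASS hunter2\r\n"),
    tcp_frame(40001, 80, b"GET /user HTTP/1.0\r\n\r\n"),
])
```

`ngrep_like(SAMPLE, "user|pass", 21)` returns only the two FTP login lines: the server's "Password required" is skipped by the word match, and the HTTP request is excluded by the port filter, which is the same narrowing the `-w` and `port 21` arguments give you on the command line.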

See also

External links