openbsd-ports/net/ngrep/pkg/DESCR
1999-06-28 14:27:19 +00:00

Description:

ngrep strives to provide most of GNU grep's common features,
applying them to the network layer. ngrep is a pcap-aware tool that
will allow you to specify extended regular expressions to match
against data payloads of packets. It currently recognizes TCP and
UDP across ethernet, ppp and slip interfaces, and understands bpf
filter logic in the same fashion as more common packet sniffing
tools, like tcpdump and snoop.

Usage:

  ngrep <-hviwqe> <-n num> <-d dev> <-A num> <regex> <pcap filter logic>

    -h        is help/usage
    -v        is version information
    -i        is ignore case
    -w        is word-regex (expression must match as a word)
    -q        is be quiet
    -e        is show empty packets
    -n        is look at only num packets
    -d        is use a device different from the default (pcap)
    -A        is dump num packets after a match
    <regex>   is any extended regular expression (metachars are
              significant and don't have to be escaped)
    <filter>  is any pcap filter statement

As of v1.28, ngrep doesn't require a regex. There are cases where
it will be confused and think part of your bpf filter is the regex,
as in:

  % ngrep not port 80
  interface: eth0 (192.233.133.0/255.255.255.0)
  filter: ip and ( port 80 )
  match: not

In cases like this, you will need to specify a blank regex:

  % ngrep '' not port 80
  interface: eth0 (192.233.133.0/255.255.255.0)
  filter: ip and ( not port 80 )

Examples:

  o ngrep -qd eth1 'HTTP' tcp port 80
    Be quiet, look only at tcp packets with either source or dest port
    80 on interface eth1, look for anything matching 'HTTP'.

  o ngrep '(USER|PASS)' tcp port 21
    Look only at tcp packets with either source or dest port 21, look
    for anything resembling an FTP login.

  o ngrep -wi '(user|pass)' tcp port 21
    Look at tcp packets with either source or dest port 21, that match
    either 'user' or 'pass' (case insensitively) as a word.

  o ngrep -wiA 2 '(user|pass)' tcp port 21
    Alternatively, match either 'user' or 'pass' case insensitively,
    and dump the next 2 packets following (that match the bpf filter).

  o ngrep -qd le0 port 53
    Watch all tcp and udp port 53 (nameserver) traffic on interface
    le0. Be quiet.
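The matching semantics behind the usage and examples above (how -i, -w and -A change what is reported, and why a blank regex reports every packet the filter lets through) can be hard to see from the option list alone. The following is an added illustration written for this page, not ngrep's own code: it models the bpf expression "port N" as a predicate over a constructed list of (src_port, dst_port, payload) tuples containing a made-up FTP login on tcp/21 plus one unrelated HTTP packet, and runs a grep-style search over the payloads in the same way the DESCR examples would. Function names (port_filter, compile_pattern, grep_packets) and the sample payloads are this example's own.

```python
import re
from typing import Callable, List, Optional, Tuple

# A packet here is (src_port, dst_port, payload).  Constructed sample data,
# not a real capture: an FTP login on tcp/21 plus one unrelated HTTP packet.
Packet = Tuple[int, int, bytes]

SAMPLE_PACKETS: List[Packet] = [
    (21, 51234, b"220 ftp.example.test FTP server ready\r\n"),   # 0
    (51234, 21, b"USER alice\r\n"),                              # 1
    (21, 51234, b"331 Password required for alice\r\n"),         # 2
    (51234, 21, b"PASS hunter2\r\n"),                            # 3
    (21, 51234, b"230 Login successful\r\n"),                    # 4
    (51234, 21, b"CWD /PASSWORDS\r\n"),                          # 5
    (51234, 21, b"TYPE I\r\n"),                                  # 6
    (40000, 80, b"GET /PASS HTTP/1.0\r\n"),                      # 7 (not port 21)
]


def port_filter(port: int) -> Callable[[Packet], bool]:
    """Analogue of the bpf expression 'port N': either endpoint is N."""
    return lambda pkt: pkt[0] == port or pkt[1] == port


def compile_pattern(regex: str, ignore_case: bool = False, word: bool = False) -> re.Pattern:
    """Build the payload matcher.  -i maps to re.IGNORECASE; -w wraps the
    expression in word boundaries so it must match as a whole word.  An empty
    regex (ngrep '') matches every packet that passes the filter."""
    flags = re.IGNORECASE if ignore_case else 0
    if word:
        regex = r"\b(?:" + regex + r")\b"
    return re.compile(regex.encode("ascii"), flags)


def grep_packets(packets: List[Packet], regex: str, *,
                 bpf: Optional[Callable[[Packet], bool]] = None,
                 ignore_case: bool = False, word: bool = False,
                 after: int = 0) -> List[Tuple[int, bytes, bool]]:
    """Return [(index, payload, matched)] for packets whose payload matches the
    regex, plus up to `after` following packets (that pass the filter) as
    context with matched=False, mirroring -A num."""
    pat = compile_pattern(regex, ignore_case, word)
    hits: List[Tuple[int, bytes, bool]] = []
    trailing = 0
    for i, pkt in enumerate(packets):
        if bpf is not None and not bpf(pkt):
            continue                      # the filter decides what is looked at
        if pat.search(pkt[2]):
            hits.append((i, pkt[2], True))
            trailing = after              # (re)start the -A window on every match
        elif trailing > 0:
            hits.append((i, pkt[2], False))
            trailing -= 1
    return hits


def matched_indices(hits: List[Tuple[int, bytes, bool]]) -> List[int]:
    """Indices of the packets that matched the regex (context packets excluded)."""
    return [i for i, _, m in hits if m]


if __name__ == "__main__":
    # The DESCR's own invocations, replayed against the sample packets.
    runs = [
        ("ngrep '(USER|PASS)' tcp port 21", dict(regex="(USER|PASS)")),
        ("ngrep -wi '(user|pass)' tcp port 21",
         dict(regex="(user|pass)", ignore_case=True, word=True)),
        ("ngrep -wiA 2 '(user|pass)' tcp port 21",
         dict(regex="(user|pass)", ignore_case=True, word=True, after=2)),
        ("ngrep '' tcp port 21", dict(regex="")),
    ]
    for label, kw in runs:
        print(label)
        for i, payload, m in grep_packets(SAMPLE_PACKETS, bpf=port_filter(21), **kw):
            print("  %s #%d %r" % ("match" if m else "ctx  ", i, payload))
```

Two things the run makes visible: without -w, '(USER|PASS)' also fires on "CWD /PASSWORDS" (and, with -i, on "331 Password required"), so the word flag is what narrows the hit list to the actual USER and PASS commands; and the "port 21" predicate is applied before the regex, so the HTTP packet containing "PASS" never reaches the matcher, exactly as the bpf filter would keep it off the wire-side input.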