Submitted by: lvo
coolcommand: ngrep - packet sniffing tool with grep features
Description
ngrep is a pcap-aware tool that will allow you to specify extended regular or hexadecimal expressions to match against data payloads of packets. It currently recognizes TCP, UDP and ICMP across Ethernet, PPP, SLIP, FDDI, Token Ring and null interfaces, and understands bpf filter logic in the same fashion as more common packet sniffing tools, such as tcpdump and snoop.
# ngrep <-hXViwqpevxlDtTRM> <-IO pcap_dump> <-n num> <-d dev> <-A num> <-s snaplen> <-S limitlen> <-W normal|byline|none> <-c cols> <-P char> <-F file>
-h is help/usage
-X is interpret match expression as hexadecimal
-V is version information
-i is ignore case
-w is word-regex (expression must match as a word)
-q is be quiet (don't print packet reception hash marks)
-p is don't go into promiscuous mode
-e is show empty packets
-v is invert match
-x is print in alternate hexdump format
-l is make stdout line buffered
-D is replay pcap_dumps with their recorded time intervals
-t is print timestamp every time a packet is matched
-T is print delta timestamp every time a packet is matched
-R is don't do privilege revocation logic
-M is don't do multi-line match (do single-line match instead)
-O is dump matched packets in pcap format to pcap_dump
-I is read packet stream from pcap format file pcap_dump
-n is look at only num packets
-d is use a device different from the default (pcap)
-A is dump num packets after a match
-s is set the bpf caplen
-S is set the limitlen on matched packets
-W is set the dump format (normal, byline, none)
-c is force the column width to the specified size
-P is set the non-printable display char to what is specified
-F is read the bpf filter from the specified file
The match expression is either an extended regular expression or a hexadecimal string. See the man page for more information.
The bpf filter is any bpf filter statement.
Examples:
Monitor all traffic across smtp port 25:
# ngrep -d any port 25
Monitor syslog traffic for the occurrence of the word error:
# ngrep -d any 'error' port syslog
Monitor ftp traffic looking case-insensitively for the words user or pass:
# ngrep -wi -d any 'user|pass' port 21
Debug http traffic:
# ngrep port 80
Debug http traffic in more readable format:
# ngrep -W byline port 80
Example: ngrep port 80
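To make the -i, -w, -v and -X semantics from the flag list above concrete (and the ftp example's 'user|pass' match), here is an added example, not from coolcommands.com or the ngrep project, that re-implements that payload matching in Python over a small constructed pcap; build_pcap, iter_tcp_payloads and ngrep_match are names chosen here, and the headers it writes carry no checksums.

```python
import re
import struct

def build_pcap(packets):
    """Wrap (src_port, dst_port, payload) tuples in a minimal pcap (Ethernet/IPv4/TCP, no checksums)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # global header, linktype 1 = Ethernet
    for sport, dport, payload in packets:
        tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 0, 0,
                         64, 6, 0, b"\x0a\x00\x00\x01", b"\x0a\x00\x00\x02")
        frame = b"\x00" * 12 + b"\x08\x00" + ip + tcp + payload
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out

def iter_tcp_payloads(pcap):
    """Yield (src_port, dst_port, payload) for every Ethernet/IPv4/TCP record in the pcap."""
    off = 24
    while off < len(pcap):
        caplen = struct.unpack_from("<IIII", pcap, off)[2]
        frame = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if frame[12:14] != b"\x08\x00" or frame[23] != 6:  # not IPv4, or not TCP
            continue
        tcp = frame[14 + (frame[14] & 0x0F) * 4:]
        sport, dport = struct.unpack_from("!HH", tcp)
        yield sport, dport, tcp[(tcp[12] >> 4) * 4:]

def ngrep_match(pcap, pattern, port=None, ignore_case=False, word=False, invert=False, as_hex=False):
    """Select payloads the way ngrep's -i, -w, -v and -X options plus a 'port N' filter would."""
    if as_hex:                        # -X: pattern is a hex string matched literally
        regex = re.compile(re.escape(bytes.fromhex(pattern)))
    else:
        expr = pattern.encode()
        if word:                      # -w: the expression must match as a whole word
            expr = rb"\b(?:" + expr + rb")\b"
        regex = re.compile(expr, re.IGNORECASE if ignore_case else 0)
    hits = []
    for sport, dport, payload in iter_tcp_payloads(pcap):
        if port is not None and port not in (sport, dport):
            continue
        if bool(regex.search(payload)) != invert:   # -v inverts the match
            hits.append(payload)
    return hits

SAMPLE = build_pcap([  # constructed sample traffic, not a real capture: an FTP login plus an HTTP request
    (40000, 21, b"USER alice\r\n"),
    (21, 40000, b"331 Password required\r\n"),
    (40000, 21, b"PASS secret\r\n"),
    (40000, 80, b"GET /userinfo HTTP/1.0\r\n\r\n"),
])
```

With -w the server's "331 Password required" line is not a hit, because "pass" is not a whole word there; drop word=True and it is.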
coolcommands.com - the search engine for UNIX sysadmins :: unix commands and scripts