Network ngrep 1.40

Posted by guru on August 31st, 2007 at 03:05pm

Goal

To create a program that mimics as much functionality of GNU grep as possible, applied at the network layer.

Description

ngrep strives to provide most of GNU grep’s common features, applying them to the network layer. ngrep is a pcap-aware tool that lets you specify extended regular expressions to match against the data payloads of packets. It currently recognizes TCP, UDP and ICMP across Ethernet, PPP, SLIP, FDDI, Token Ring and null interfaces, and understands BPF filter logic in the same fashion as more common packet sniffing tools, such as tcpdump and snoop.

Parameters

ngrep <-hXViwqpevxlDtT> <-IO pcap_dump> <-n num>
	<-d dev> 	<-A num>	<-s snaplen>
	<match expression> <bpf filter>
-h  is help/usage
-X  is interpret match expression as hexadecimal
-V  is version information
-i  is ignore case
-w  is word-regex (expression must match as a word)
-q  is be quiet
-p  is don't go into promiscuous mode
-e  is show empty packets
-v  is invert match
-x  is print in alternate hexdump format
-l  is make stdout line buffered
-D  is replay pcap_dumps with their recorded time intervals
-t  is print timestamp every time a packet is matched
-T  is print delta timestamp every time a packet is matched
-s  is set the bpf caplen
-I  is dump matched packets in pcap format to pcap_dump
-O  is read packet stream from pcap format file pcap_dump
-n  is look at only num packets
-d  is use a device different from the default (pcap)
-A  is dump num packets after a match
<match expression>   is either an extended regular expression or a
	hexadecimal string.  see the man page for more
	information.
<bpf filter>         is any bpf filter statement.

Known Working Platforms

  • Linux 2.0 - 2.4
    • (RH6+, SuSE, TurboLinux, Debian)/x86
    • RedHat/alpha
    • Debian/powerpc
    • Cobalt (Qube2) Linux/MIPS
  • Solaris 2.5.1, 2.6/SPARC, Solaris 7/x86, Solaris 8/SPARC
  • FreeBSD 2.2.5, 3.1, 3.2, 3.4-RC, 3.4-RELEASE, 4.0
  • OpenBSD 2.4 (after upgrading pcap from 0.2)
  • NetBSD 1.5/SPARC
  • Digital Unix V4.0D (OSF/1)
  • Windows 95, Windows 98, Windows NT 4.0, Windows 2000
  • HPUX 11
  • IRIX
  • AIX 4.3.3.0/PowerPC

Examples

ngrep  -qd eth1 'www' tcp port 80
Be quiet, look only at tcp packets with either source or dest port 80 on interface eth1, look for anything matching ‘www’.

ngrep  -qd le0  in-addr  port 53
Look at all packets with either source or dest port 53 on interface le0, that match ‘in-addr’. Be quiet.

ngrep  'USER|PASS'  tcp port 21
Look only at tcp packets with either source or dest port 21, look for anything resembling an FTP login.

ngrep  -wi  'user|pass'  tcp port 21
Look at tcp packets with either source or dest port 21, that match either ‘user’ or ‘pass’ (case insensitively) as a word.

ngrep -wiA 2   'user|pass'  tcp port 21
Alternatively, match either ‘user’ or ‘pass’ case insensitively, and dump the next 2 packets following (that match the bpf filter).
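
The filter-then-match behaviour these examples rely on, modelled in Python as an added example (not ngrep's own code and not part of the original page). The function names and the sample frames are constructed for illustration; a simple port/protocol test stands in for the bpf filter, and Python's `re` with `\b` approximates the -w word match.

```python
import re
import struct

def build_frame(proto, sport, dport, payload):
    """Constructed test frame: Ethernet II + IPv4 (no options) + TCP or UDP."""
    if proto == 6:   # TCP: 20-byte header, data offset 5, PSH|ACK
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    else:            # UDP: 8-byte header
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4) + len(payload),
                     0, 0, 64, proto, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return b"\x00" * 12 + b"\x08\x00" + ip + l4 + payload

def payload_of(frame):
    """Return (proto, sport, dport, payload), or None if not IPv4 TCP/UDP."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    proto, l4 = frame[23], 14 + (frame[14] & 0x0F) * 4
    if proto == 6 and len(frame) >= l4 + 20:
        hdr = (frame[l4 + 12] >> 4) * 4      # TCP data offset, in bytes
    elif proto == 17 and len(frame) >= l4 + 8:
        hdr = 8
    else:
        return None
    sport, dport = struct.unpack("!HH", frame[l4:l4 + 4])
    return proto, sport, dport, frame[l4 + hdr:]

def grep_frames(frames, expr, port, proto=6, ignore_case=False, word=False, invert=False):
    """Apply the port filter first, then the regex to each payload (-i, -w, -v)."""
    if word:
        expr = r"\b(?:%s)\b" % expr          # assumption: \b approximates -w
    rx = re.compile(expr.encode(), re.I if ignore_case else 0)
    hits = []
    for frame in frames:
        p = payload_of(frame)
        if p is None or p[0] != proto or port not in (p[1], p[2]):
            continue                         # rejected by the filter stage
        if p[3] and bool(rx.search(p[3])) != invert:   # empty payloads skipped (no -e)
            hits.append(p[3])
    return hits

# Constructed sample traffic; the addresses and credentials are placeholders.
FRAMES = [
    build_frame(6, 40000, 21, b"USER alice\r\n"),
    build_frame(6, 40000, 21, b"PASS example-only\r\n"),
    build_frame(6, 21, 40000, b"230 bypass check ok\r\n"),
    build_frame(6, 40000, 21, b""),
    build_frame(17, 5353, 53, b"1.0.0.10.in-addr.arpa"),
]
```

With -i alone, ‘pass’ also hits the server reply containing "bypass"; adding -w removes that false positive, which is the difference between the third and fourth examples above.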

Download ngrep 1.40 (6.6.2001)

Source:  ngrep-1.40.tar.gz(646KB)

Man page:  ngrep.8.htm (14KB)

Unix Binary:  ngrep-1.40-linux-elf-static.gz (196KB)

Mirror Unix Binary: ngrep-1.40-linux-elf-static.gz (196KB)

RPM:  ngrep-1.40-1.i386.rpm (68.7KB)

Windows Source:  ngrep-1.40-win32-source.zip (130KB - Microsoft Visual C++ project)

Windows Binary:  ngrep-1.40-win32-full.zip (197KB - Source + Win32 binary)

Mirror Windows Binary: ngrep-1.40-win32-full.zip (197KB - Source + Win32 binary)

by Jordan Ritter
