Questions tagged [ngrep]

ngrep (network grep) is a network packet analyzer for many UNIX-like operating systems (Linux, Solaris, illumos, BSD, AIX); it also works on Microsoft Windows.

ngrep (network grep) is a network packet analyzer written by Jordan Ritter. It has a command-line interface, and relies upon the pcap library and the GNU regex library.

ngrep supports Berkeley Packet Filter (BPF) logic to select network sources, destinations, or protocols. It can also match patterns or regular expressions in the data payload of packets using GNU grep syntax, and it shows packet data in a human-friendly way.

ngrep is an open source application, and the source code is available to download from the ngrep site on SourceForge. It can be compiled and ported to multiple platforms. It works on many UNIX-like operating systems (Linux, Solaris, illumos, BSD, AIX) and also on Microsoft Windows.

Source:

https://en.wikipedia.org/wiki/Ngrep

2 questions
1 vote, 0 answers

ngrep does not show whole payload

I am using the following command to grep HTTP requests and payload: "sudo ngrep -q -d any -W byline /v1/my/api". This prints the payload, but for larger payloads, it trims those and prints. How do I see the complete payload even if they are large? I saw there…
Saurabh
0 votes, 1 answer

ngrep output format clarification

I am trying to debug a connection that has been appearing in my environment from an unknown server. I want to find a PID if it is associated with one. Tried "netstat -anp" but it doesn't find anything. But the connection is sporadic, so I tried…
JDS