Passing regex file to Ngrep to check pcap

Asked May 01 '14 at 06:40

Active May 01 '14 at 06:40

Viewed 694 times

I have a pcap file and a file of regular expressions.

The regular expressions file consists of more than 20 regular expressions like this:

[Pp][Oo][Ss][Tt]
.*fpleq.*po
put{0,1}
.
.
.

Now, I know how to give a single regular expression to check in a pcap file using ngrep.

ngrep -i '[dD][eE][lL][eE][tT][eE] '  -I test.pcap tcp -O p.pcap -q

But if I have to check all the regular expressions altogether then how can I achieve this task?

asked May 01 '14 at 06:40

Xara

do you want to find packets matching all expressions? – perreal May 01 '14 at 06:45
@perreal I want to give it a list of regular expressions using a text file. Any packet which matches any one of the regular expressions listed, it should report that packet. – Xara May 01 '14 at 06:48

0 Answers0