ngrep
ngrep is a pcap-aware tool that applies GNU grep features to network traffic, allowing extended regular expressions to match packet data payloads. It supports TCP, UDP, and ICMP across various interfaces and understands BPF filter logic like tcpdump.
Description
ngrep strives to provide most of GNU grep’s common features, applying them to the network layer. It is designed for searching and matching patterns in network packet payloads using extended regular expressions. This makes it powerful for analyzing network traffic in real-time or from captures.
Use cases include protocol analysis, debugging network issues, security monitoring for specific patterns in traffic, and extracting data from packet contents. It works across Ethernet, PPP, SLIP, and null interfaces, supporting common packet sniffing workflows.
ngrep recognizes TCP, UDP, and ICMP protocols and integrates BPF filters, enabling precise traffic selection similar to tools like tcpdump and snoop.
How It Works
ngrep operates as a pcap-aware tool: it captures network packets (live from an interface, or read back from a pcap file) and applies an extended regular expression to each packet's data payload, not to its headers. It understands BPF filter logic for selecting which traffic is inspected in the first place and supports TCP, UDP, and ICMP across Ethernet, PPP, SLIP, and null interfaces. Matching packets are displayed with their packet details (addresses, ports, payload), mimicking grep's output style on network data.
Installation
sudo apt install ngrep
Flags
-h              show usage/help
-I pcap_dump    read packets from the pcap file pcap_dump instead of a live interface
-O pcap_dump    write matched packets to the pcap file pcap_dump
-n num          match only num packets in total, then exit
-d dev          capture on interface dev
-A num          also dump num packets trailing after each matching packet
-s snaplen      set the capture length (BPF caplen) to snaplen bytes
Examples
ngrep -h
ngrep -I pcap_dump
ngrep -O pcap_dump
ngrep -n num
ngrep -d dev
ngrep -A num
ngrep -s snaplen
ngrep <match expression> <bpf filter>
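The mechanism described under How It Works, and the -I (read from pcap) and -n (stop after num matches) usage listed above, as an added example that is not ngrep's own code: a small pure-Python re-implementation of the core idea, useful for understanding what ngrep does with a capture before running the real tool. It writes a constructed pcap (two Ethernet/IPv4/TCP frames, not a real capture) to a temporary file, walks the file's records, strips the Ethernet, IP and TCP headers, and applies a regular expression to the payload bytes only. Assumptions: IPv4/TCP frames without fragmentation, VLAN tags, IPv6 or UDP/ICMP, and checksums left at zero since nothing here validates them. The names build_frame, write_pcap, iter_packets, tcp_payload, grep_pcap and demo are this example's own.

```python
import re
import socket
import struct
import tempfile

PCAP_MAGIC = 0xA1B2C3D4      # classic pcap magic, microsecond timestamps
LINKTYPE_ETHERNET = 1


def build_frame(src_ip, dst_ip, sport, dport, payload):
    """Build one Ethernet/IPv4/TCP frame carrying `payload` (checksums left at zero)."""
    eth = b"\x00" * 12 + struct.pack("!H", 0x0800)          # MACs + EtherType IPv4
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    total_len = 20 + len(tcp) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 1, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth + ip + tcp + payload


def write_pcap(path, frames):
    """Write a classic pcap file: 24-byte global header, then 16-byte record headers."""
    with open(path, "wb") as f:
        f.write(struct.pack("=IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET))
        for i, frame in enumerate(frames):
            f.write(struct.pack("=IIII", 1700000000 + i, 0, len(frame), len(frame)))
            f.write(frame)


def iter_packets(path):
    """Yield raw frames from a pcap file, honouring the byte order the magic announces."""
    with open(path, "rb") as f:
        magic = f.read(4)
        endian = "<" if magic == struct.pack("<I", PCAP_MAGIC) else ">"
        f.read(20)                                            # rest of the global header
        while True:
            hdr = f.read(16)
            if len(hdr) < 16:
                return
            _, _, incl_len, _ = struct.unpack(endian + "IIII", hdr)
            yield f.read(incl_len)


def tcp_payload(frame):
    """Return (src, dst, payload) for an IPv4/TCP frame, or None for anything else.

    Simplification versus ngrep (assumed): no IP fragments, VLAN tags, IPv6, UDP or ICMP.
    """
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ihl = (frame[14] & 0x0F) * 4
    if frame[14 + 9] != 6:                                    # IP protocol field: 6 = TCP
        return None
    total_len = struct.unpack("!H", frame[16:18])[0]
    src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
    tcp_start = 14 + ihl
    sport, dport = struct.unpack("!HH", frame[tcp_start:tcp_start + 4])
    data_off = (frame[tcp_start + 12] >> 4) * 4
    payload = frame[tcp_start + data_off:14 + total_len]      # headers are never matched
    return f"{src}:{sport}", f"{dst}:{dport}", payload


def grep_pcap(path, pattern, max_matches=None):
    """ngrep-style search: regex applied to payload bytes only; max_matches mirrors -n."""
    regex = re.compile(pattern.encode())
    hits = []
    for frame in iter_packets(path):
        parsed = tcp_payload(frame)
        if parsed is None:
            continue
        src, dst, payload = parsed
        m = regex.search(payload)
        if m:
            hits.append((src, dst, m.group(0).decode(errors="replace")))
            if max_matches and len(hits) >= max_matches:
                break
    return hits


def demo():
    """Constructed traffic (not a real capture): one HTTP request with Basic auth, one without."""
    frames = [
        build_frame("10.0.0.5", "10.0.0.80", 40001, 80,
                    b"GET /admin HTTP/1.1\r\nHost: intranet\r\nAuthorization: Basic dXNlcjpwYXNz\r\n\r\n"),
        build_frame("10.0.0.6", "10.0.0.80", 40002, 80,
                    b"GET /index.html HTTP/1.1\r\nHost: intranet\r\n\r\n"),
    ]
    with tempfile.NamedTemporaryFile(suffix=".pcap", delete=False) as tmp:
        path = tmp.name
    write_pcap(path, frames)
    # Monitoring use case from the page: flag cleartext credentials travelling over HTTP
    return grep_pcap(path, r"Authorization: Basic \S+")


if __name__ == "__main__":
    for src, dst, match in demo():
        print(f"{src} -> {dst}: {match}")
```

The equivalent with the real tool would be ngrep -I file.pcap 'Authorization: Basic' 'tcp port 80': the BPF filter narrows the traffic before the regex runs, which is why ngrep on a busy interface stays cheap when the filter is tight.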