May 2017
Beginner
552 pages
28h 47m
English
The -x option in ngrep displays a hex dump as well as the printable form of each matched packet. Combining this with -X, which makes ngrep treat the match expression as a hexadecimal byte string rather than text, allows you to search for a binary string (perhaps a virus signature or some other known byte pattern).
This example watches for a binary stream from an HTTPS connection (the pattern 17 03 03 00 34 is a TLS record header: application data, version 3.3, length 0x34):

    # ngrep -xX '1703030034' port 443
    interface: eth0 (192.168.1.0/255.255.255.0)
    filter: ( port 443 ) and (ip or ip6)
    match: 0x1703030034
    #################################################
    T 172.217.6.1:443 -> 192.168.1.44:40698 [AP]
      17 03 03 00 34 00 00 00 00 00 00 00 07 dd b0 02    ....4...........
      f5 38 07 e8 24 08 eb 92 3c c6 66 2f 07 94 8b 25    .8..$...<.f/...%
      37 b3 1c 8d f4 f0 64 c3 99 9e b3 45 44 14 64 23    7.....d....ED.d#
      80 85 1b a1 81 a3 d2 7a cd                         .......z.
The hash marks ...
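To make clear what -X and -x are doing, here is an added Python example (not part of the book and not ngrep's own code) that reproduces both steps by hand: it converts a hex match expression into raw bytes the way -X does, scans a payload for that byte signature, renders the hit in the hex-plus-printable layout that -x prints, and decodes the five-byte TLS record header that the page's pattern happens to match. The 57-byte sample payload is the capture shown above, re-typed here as a constant; the function names are this example's own.

```python
"""Byte-signature matching and hex dumping, in the style of ngrep -xX."""
from __future__ import annotations

# Constructed sample: the 57 bytes from the capture above (one full TLS record).
SAMPLE = bytes.fromhex(
    "17 03 03 00 34 00 00 00 00 00 00 00 07 dd b0 02"
    "f5 38 07 e8 24 08 eb 92 3c c6 66 2f 07 94 8b 25"
    "37 b3 1c 8d f4 f0 64 c3 99 9e b3 45 44 14 64 23"
    "80 85 1b a1 81 a3 d2 7a cd"
)

# Record content types from the TLS record layer (RFC 5246 section 6.2.1).
TLS_CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                     22: "handshake", 23: "application_data"}


def parse_hex_signature(sig: str) -> bytes:
    """What -X does: read the match expression as hex, not as text.
    An optional 0x prefix and embedded whitespace are accepted."""
    sig = sig.strip()
    if sig.lower().startswith("0x"):
        sig = sig[2:]
    return bytes.fromhex(sig)


def find_signature(payload: bytes, sig: bytes) -> list[int]:
    """Every offset at which the byte signature occurs (overlaps included).
    ngrep only needs one hit per packet; listing all of them shows where
    a short pattern such as a single 0x00 would false-positive."""
    if not sig:
        raise ValueError("empty signature would match everything")
    hits, start = [], 0
    while True:
        i = payload.find(sig, start)
        if i < 0:
            return hits
        hits.append(i)
        start = i + 1


def hexdump(payload: bytes, width: int = 16) -> list[str]:
    """Render like -x: hex bytes on the left, printable form on the right,
    with '.' standing in for anything outside the printable ASCII range."""
    lines = []
    for off in range(0, len(payload), width):
        chunk = payload[off:off + width]
        hexpart = " ".join(f"{b:02x}" for b in chunk).ljust(width * 3 - 1)
        asc = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        lines.append(f"{hexpart}    {asc}")
    return lines


def parse_tls_record_header(payload: bytes) -> dict:
    """Decode the 5-byte TLS record header: type, version, body length.
    'complete' tells whether the captured bytes hold the whole record, which
    is useful when deciding if a signature match saw the full payload."""
    if len(payload) < 5:
        raise ValueError("need at least 5 bytes for a TLS record header")
    ctype, major, minor = payload[0], payload[1], payload[2]
    length = int.from_bytes(payload[3:5], "big")
    return {
        "content_type": TLS_CONTENT_TYPES.get(ctype, f"unknown({ctype})"),
        # 3.3 is TLS 1.2; TLS 1.3 records also carry 3.3 in this field.
        "version": f"{major}.{minor}",
        "length": length,
        "complete": len(payload) >= 5 + length,
    }


if __name__ == "__main__":
    sig = parse_hex_signature("1703030034")
    print("match offsets:", find_signature(SAMPLE, sig))
    print("\n".join(hexdump(SAMPLE)))
    print(parse_tls_record_header(SAMPLE))
```

The record header decode shows why this particular signature is narrow: it pins the content type, the version and the exact body length (52 bytes), so it matches only application-data records of that one size. A shorter pattern such as `1703` would match every TLS 1.2 record on the wire, which is the trade-off to keep in mind when turning a byte pattern into a detection signature.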