Wireless Hacks
by Rob Flickenger
September 2003
Content level: Intermediate to advanced
304 pages
8h 39m
English
O'Reilly Media, Inc.
Content preview from Wireless Hacks

Network Monitoring with ngrep

See who’s doing what, with a grep for your network interface.

The ngrep (http://www.packetfactory.net/Projects/ngrep) utility is an interesting packet capture tool, similar to [Hack #37] and [Hack #38]. It is unique in that it attempts to make it as easy as possible to select which captured packets to print, by using a grep-compatible format (complete with regular expressions and a bunch of GNU grep’s switches). It also converts the packets to ASCII (or hex) before printing.

For example, to see the contents of all HTTP GET requests that pass through your router, try this:

# ngrep -q GET

If you’re interested only in a particular host, protocol, or port (or other packet matching criteria), you can specify a BPF filter as well as a data pattern. The filter uses a syntax similar to tcpdump’s:

# ngrep -qi rob@nocat.net port 25
T 10.42.4.7:65174 -> 209.204.146.26:25 [AP]
 RCPT TO:..                         

T 209.204.146.26:25 -> 10.42.4.7:65174 [AP]
 250 2.1.5 ... Recipient ok..                

T 10.42.4.7:65174 -> 209.204.146.26:25 [AP]
 Date: Sun, 8 Sep 2002 23:55:18 -0700..Mime-Version: 1.0 (Apple Message fram
 ework v543)..Content-Type: text/plain; charset=US-ASCII; format=flowed..Sub
 ject: Greetings.....From: John Doe ..To: rob@nocat.net..Content-Transfer-En
 coding: 7bit..Message-Id: ..X-Mailer: Apple Mail v2)....What does t
 hat pgp command you mentioned do again?....Thanks,....--A Friend....

Since ngrep prints to STDOUT, you can do post-processing on the output to make a nice printing filter. If you process ...
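
One way to do the kind of post-processing described above, as an added example that is not the book's own filter: it joins each wrapped packet printed by `ngrep -q` into a single tab-separated record and counts packets per source/destination pair. The function names `ngrep_flatten`, `ngrep_talkers` and `sample_capture` are hypothetical, the sample capture is constructed, and the header format is assumed to match the output shown above.

```shell
#!/bin/sh
# Added example: names and the sample capture are constructed, not from the book.

# Join each packet that `ngrep -q` prints into one tab-separated record:
#   proto <TAB> source <TAB> destination <TAB> payload
ngrep_flatten() {
    awk '
    function emit() {
        if (have) printf "%s\t%s\t%s\t%s\n", proto, src, dst, payload
        have = 0; payload = ""
    }
    # Header line as shown above: "T 10.42.4.7:65174 -> 209.204.146.26:25 [AP]"
    /^[A-Z] [^ ]+ -> [^ ]+/ { emit(); have = 1; proto = $1; src = $2; dst = $4; next }
    # Indented lines are payload, wrapped at a fixed width: strip the indent
    # and padding, then rejoin. A real space at a wrap boundary is lost.
    have && /^[ \t]/ {
        line = $0
        sub(/^[ \t]+/, "", line); sub(/[ \t]+$/, "", line)
        payload = payload line
        next
    }
    END { emit() }
    '
}

# Count packets per source -> destination pair, busiest first.
ngrep_talkers() {
    ngrep_flatten |
        awk -F '\t' '{ n[$2 " -> " $3]++ } END { for (k in n) print n[k], k }' |
        sort -rn
}

# Constructed sample in the same layout as the capture above.
sample_capture() {
    printf '%s\n' \
        '' \
        'T 10.0.0.5:40000 -> 192.0.2.10:80 [AP]' \
        ' GET /index.html HTTP/1.1..Host: www.exam' \
        ' ple.test....' \
        '' \
        'T 192.0.2.10:80 -> 10.0.0.5:40000 [AP]' \
        ' HTTP/1.1 200 OK..Content-Length: 0....' \
        '' \
        'T 10.0.0.5:40000 -> 192.0.2.10:80 [AP]' \
        ' GET /logo.png HTTP/1.1..Host: www.example.test....'
}

sample_capture | ngrep_flatten
sample_capture | ngrep_talkers
```

On a live capture, pipe `ngrep -q GET` into `ngrep_flatten` instead of the sample; a record is printed when the next packet header arrives, and the records can then be handled with ordinary tools such as grep, cut and sort.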

ISBN: 0596005598