Finding packets with ngrep
The ngrep application is a cross between grep and tcpdump. It watches network ports and displays packets that match a pattern. You must have root privileges to run ngrep.
Getting ready
You may not have the ngrep package installed. However, it can be installed with most package managers:
# apt-get install ngrep
# yum install ngrep
How to do it...
The ngrep application accepts a pattern to watch for (as grep does), a filter string (as tcpdump does), and many command-line flags to fine-tune its behavior.
The following example watches the traffic on port 80 and reports any packets with the string Linux in them:
$> ngrep -q -c 64 Linux port 80
interface: eth0 (192.168.1.0/255.255.255.0)
filter: ( port 80 ) and (ip or ip6)
match: Linux

T 192.168.1.44:36602 -> 152.160.80.35:80 [AP]
GET /Training/linux_detail/ HTTP/1.1..Host: noucorp.com..Us
er-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20
100101 Firefox/45.0..Accept: text/html,application/xhtml+xm
l...
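To make clear what ngrep is doing under the hood (apply a port filter, run the pattern over each packet's TCP payload, then print the match with non-printable bytes such as the CR LF pairs shown as dots, wrapped at the -c column width), here is an added Python example that is not part of the recipe or of the ngrep project. It builds a small pcap file in memory from constructed frames that reuse the addresses and request from the session above, parses it, and reproduces the "Linux port 80" query. The pcap writer, frame builder, flag-letter order and 64-column wrapping are this example's own approximations of ngrep's output, not its code.

```python
"""Minimal ngrep-style payload matcher over an in-memory pcap (added example)."""
import re
import struct


def build_pcap(packets):
    """Serialize (timestamp, raw Ethernet frame) pairs as a libpcap file (link type 1)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, frame in packets:
        out += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return out


def tcp_frame(src, sport, dst, dport, payload, flags=0x18):
    """Constructed Ethernet + IPv4 + TCP frame; checksums are left at zero."""
    eth = b"\x00" * 12 + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, flags, 65535, 0, 0)
    return eth + ip + tcp + payload


def iter_tcp(pcap):
    """Yield (src, sport, dst, dport, tcp_flags, payload) for each TCP/IPv4 frame."""
    off = 24  # skip the global header
    while off + 16 <= len(pcap):
        _, _, caplen, _ = struct.unpack_from("<IIII", pcap, off)
        frame = pcap[off + 16: off + 16 + caplen]
        off += 16 + caplen
        if frame[12:14] != b"\x08\x00" or frame[23] != 6:  # IPv4 carrying TCP only
            continue
        ihl = (frame[14] & 0x0F) * 4
        total_len = struct.unpack_from("!H", frame, 16)[0]
        src = ".".join(map(str, frame[26:30]))
        dst = ".".join(map(str, frame[30:34]))
        t = 14 + ihl
        sport, dport = struct.unpack_from("!HH", frame, t)
        doff = (frame[t + 12] >> 4) * 4
        yield src, sport, dst, dport, frame[t + 13], frame[t + doff:14 + total_len]


def flag_str(flags):
    """Approximation of ngrep's [AP]-style flag letters (order assumed, not ngrep's source)."""
    names = (("A", 0x10), ("S", 0x02), ("P", 0x08), ("F", 0x01), ("R", 0x04), ("U", 0x20))
    return "".join(n for n, bit in names if flags & bit)


def render(payload, width=64):
    """Printable bytes verbatim, everything else as '.', wrapped like ngrep -c WIDTH."""
    text = "".join(chr(b) if 32 <= b < 127 else "." for b in payload)
    return [text[i:i + width] for i in range(0, len(text), width)]


def ngrep_like(pcap, pattern, port=None, width=64):
    """Return [(header, [rendered lines])] for payloads matching PATTERN on PORT."""
    rx = re.compile(pattern.encode())
    hits = []
    for src, sport, dst, dport, flags, payload in iter_tcp(pcap):
        if port is not None and port not in (sport, dport):
            continue  # the BPF-style filter runs before the pattern is tried
        if rx.search(payload):
            hits.append((f"T {src}:{sport} -> {dst}:{dport} [{flag_str(flags)}]",
                         render(payload, width)))
    return hits


# Constructed sample capture: one matching request on port 80, two decoys.
SAMPLE_PCAP = build_pcap([
    (1, tcp_frame("192.168.1.44", 36602, "152.160.80.35", 80,
                  b"GET /Training/linux_detail/ HTTP/1.1\r\nHost: noucorp.com\r\n"
                  b"User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) "
                  b"Gecko/20100101 Firefox/45.0\r\nAccept: text/html\r\n\r\n")),
    (2, tcp_frame("192.168.1.44", 36603, "152.160.80.35", 443, b"Linux on port 443")),
    (3, tcp_frame("10.0.0.1", 5000, "10.0.0.2", 80, b"GET / HTTP/1.1\r\nUser-Agent: curl\r\n\r\n")),
])

if __name__ == "__main__":
    for header, lines in ngrep_like(SAMPLE_PCAP, "Linux", port=80):
        print(header)
        print("\n".join(lines))
```

Only the first frame survives both the port filter and the pattern: the "Linux" payload on port 443 is dropped by the filter before the regex runs, and the port-80 request from curl fails the pattern. Real ngrep can be run over a saved capture the same way with -I file.pcap, and -W byline renders the CR LF pairs as line breaks instead of dots, which makes HTTP headers much easier to read when reviewing what a host actually sent.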