Projects / ngrep

ngrep

ngrep strives to provide most of GNU grep's common features, applying them to the network layer. ngrep is a pcap-aware tool that will allow you to specify extended regular or hexadecimal expressions to match against data payloads of packets. It currently recognizes IPv4/6, TCP, UDP, ICMPv4/6, IGMP and Raw across Ethernet, PPP, SLIP, FDDI, Token Ring, and null interfaces, and understands BPF filter logic in the same fashion as more common packet sniffing tools, such as tcpdump and snoop.

Tags
Licenses
Operating Systems
Implementation

Recent releases

  •  28 Nov 2006 23:28

    Release Notes: This release fixes an under-sized snaplen bug resulting in garbage input to the pattern matcher, a bug in the IPv6/TCP packet length calculation, and a double-free race condition during ngrep termination. It reworks packet length calculation in the main processing loop (yielding a performance improvement), simplifies the build system logic, and changed "-s 0'' to match tcpdump behaviour. It adds support for IEEE802_11_RADIO (radiotap).

    •  04 Jul 2005 21:56

      Release Notes: This release has IPv6 support, improved support for parsing raw protocols, a new mechanism for single-line output, code reorganization to support more protocols, and updated configure to be more informative.

      •  24 Feb 2005 15:35

        Release Notes: ngrep now builds from the same source tree for all platforms, including Win32. New drop_privs logic was introduced after problems were reported with the SPC version. An off-by-one bug which caused ngrep to exit one packet early with "-A" was fixed. A problematic cfgtest for an old broken-redhat-glibc UDP header was fixed. ngrep now sets a pcap filter "ip" by default if one is not specified. A header offset fix was made for 802.11 processing. Support for IGMP and Raw type packets was added. Support for the latest versions of libpcap, winpcap, and PCRE was added. autoconf was updated to 2.59, and config.guess and config.sub were updated to the latest versions.

        •  29 Mar 2004 09:00

          Release Notes: Autoconf and the privilege revocation logic were entirely rewritten. Two new output modes were added, regex matches are now conducted in multi-line mode by default, and the abilities to specify the non-printable character, read the BPF filter logic from a file, and force the column width were also added. Program output under quiet mode was improved, and the documentation has been updated.

          •  11 Aug 2003 00:43

            Release Notes: This release adds LOOP and SLL configure tests, 802.11 support, setuid()/setgid() privilege revocation after startup, TCP ECN support, improved OS support, and relaxed LICENSE restrictions.

            Screenshot

            Project Spotlight

            OpenStack4j

            A Fluent OpenStack client API for Java.

            Screenshot

            Project Spotlight

            TurnKey TWiki Appliance

            A TWiki appliance that is easy to use and lightweight.