Concept

Ngrep

Summary
ngrep (network grep) is a network packet analyzer written by Jordan Ritter. It has a command-line interface and relies on the pcap library and the GNU regex library. ngrep supports Berkeley Packet Filter (BPF) logic to select network sources, destinations, or protocols, and also matches patterns or regular expressions in the data payload of packets using GNU grep syntax, showing packet data in a human-friendly way.

ngrep is an open source application, and the source code is available to download from the ngrep site on GitHub. It can be compiled and ported to multiple platforms: it works on many UNIX-like operating systems (Linux, Solaris, illumos, BSD, AIX) and also on Microsoft Windows.

ngrep is similar to tcpdump, but it can look for a regular expression in the payload of the packet and show the matching packets on a screen or console. By putting the network interface into promiscuous mode, it allows users to see all unencrypted traffic being passed over the network.

With an appropriate BPF filter, ngrep can be used to debug interactions in plain-text protocols such as HTTP, SMTP, FTP, and DNS, or to search for a specific string or pattern using regular expression syntax. ngrep can also capture traffic on the wire and store it in pcap dump files, or read files generated by other sniffer applications such as tcpdump or Wireshark.

ngrep has various options (command-line arguments). The ngrep man page on UNIX-like operating systems shows a list of the available options. In these examples, it is assumed that eth0 is the network interface in use.
Capture network traffic incoming/outgoing to/from the eth0 interface and show parameters following HTTP (TCP/80) GET or POST methods:

    ngrep -l -q -d eth0 -i "^GET |^POST " tcp and port 80

Capture network traffic incoming/outgoing to/from the eth0 interface and show the HTTP (TCP/80) User-Agent string:

    ngrep -l -q -d eth0 -i "User-Agent: " tcp and port 80

Capture network traffic incoming/outgoing to/from the eth0 interface and show the DNS (UDP/53) queries and responses:

    ngrep -l -q -d eth0 -i "" udp and port 53

Capturing raw network traffic from an interface requires special privileges or superuser privileges on some platforms, especially on Unix-like systems.
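As an added illustration (not part of ngrep or of the original page), the Python example below reproduces the two-stage selection the commands above rely on: a protocol/port test standing in for the BPF expression, then a case-insensitive regular expression applied to the packet payload. The pcap bytes, the addresses, and the names frame, pcap and ngrep_like are constructed for this example, and only untagged Ethernet carrying IPv4 is handled.

```python
import re
import struct

def frame(proto, sport, dport, payload):
    """Build a constructed Ethernet/IPv4 frame carrying TCP (6) or UDP (17)."""
    if proto == 6:   # 20-byte TCP header: data offset 5, flags PSH|ACK
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    else:            # 8-byte UDP header
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4) + len(payload), 0, 0,
                     64, proto, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return b"\x00" * 12 + b"\x08\x00" + ip + l4 + payload

def pcap(frames):
    """Wrap frames in a classic little-endian pcap file (linktype 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

def ngrep_like(data, pattern, proto, port):
    """Return payloads that pass the proto/port filter AND match the regex."""
    rx, hits, off = re.compile(pattern, re.I), [], 24   # skip 24-byte file header
    while off < len(data):
        caplen = struct.unpack_from("<I", data, off + 8)[0]
        pkt = data[off + 16: off + 16 + caplen]
        off += 16 + caplen
        # Stage 1: stand-in for BPF "tcp and port 80" / "udp and port 53"
        if pkt[12:14] != b"\x08\x00" or pkt[23] != proto:
            continue
        l4 = 14 + (pkt[14] & 0x0F) * 4                  # honour the IPv4 IHL field
        sport, dport = struct.unpack_from("!HH", pkt, l4)
        if port not in (sport, dport):
            continue
        # Stage 2: regex over the payload only, as with ngrep's match expression
        hdr = (pkt[l4 + 12] >> 4) * 4 if proto == 6 else 8
        payload = pkt[l4 + hdr:]
        if rx.search(payload):
            hits.append(payload)
    return hits

# Constructed sample capture: two HTTP requests, one DNS-port datagram, one reply.
SAMPLE = pcap([
    frame(6, 40000, 80, b"GET /index.html HTTP/1.1\r\nUser-Agent: demo\r\n\r\n"),
    frame(6, 40001, 8080, b"GET /other HTTP/1.1\r\n\r\n"),
    frame(17, 40002, 53, b"\x00\x01constructed-dns-bytes"),
    frame(6, 80, 40000, b"HTTP/1.1 200 OK\r\n\r\n"),
])
```

An empty pattern matches every payload, which is why the DNS command above shows all traffic that passes its filter.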