This page lists the most important commands for the CLI tool ngrep.

ngrep

ngrep is a command line tool used for network packet sniffing and analysis. It stands for network grep, and its name is derived from the classic grep command used for searching text within files. However, instead of searching files, ngrep allows you to search for specific network packets.

With ngrep, you can intercept and analyze the data flowing through a network interface, providing valuable insights into network traffic. It is particularly useful for diagnosing network issues, monitoring network activity, and performing network security analysis.

The tool offers flexible filtering options, allowing you to define search criteria based on protocols, ports, IP addresses, and other packet attributes. This makes it easy to narrow down the captured packets to focus on specific network traffic of interest.

ngrep also supports regular expression matching, enabling you to create complex search patterns and extract specific information from the captured packets. This can be quite handy when you are trying to identify specific patterns or anomalies in network data.

Packet data captured by ngrep can be displayed in real-time or saved to a file for later analysis. It presents packet information in a user-friendly manner, including packet headers, payload data, packet size, source and destination IP addresses, and more.

The tool can capture packets from both Ethernet and Wi-Fi interfaces, making it compatible with a wide range of network setups.

ngrep offers various command line options, making it highly configurable to suit your specific requirements. You can control the verbosity level, specify output formats, set capture time durations, and more.

The captured packets can be analyzed further using other tools, such as Wireshark, by saving them in a format compatible with those tools.

ngrep is an open-source tool released under the GNU General Public License (GPL), making it freely available for anyone to use and modify.

Overall, ngrep is a powerful and versatile command line tool for network packet analysis, providing network administrators and security professionals with valuable insights into network traffic and aiding in network troubleshooting and security analysis.

List of commands for ngrep:

  • Capture traffic crossing port 22 of interface eth0.
    $ ngrep -d eth0 port 22
  • Capture traffic of a specific interface.
    $ ngrep -d eth0
  • Capture traffic from or to a host.
    $ ngrep host www.example.com
  • Capture traffic of all interfaces.
    $ ngrep -d any
  • Show only packets on interface eth0 whose payload matches the keyword 'User-Agent:'.
    $ ngrep -d eth0 'User-Agent:'
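
An added example (not part of the original page or of the ngrep project): a Python parser for the output of the 'User-Agent:' command above when it is run with `-q -W byline`, grouping the observed User-Agent values by source address. The sample capture is constructed, and the header-line layout (`T src:port -> dst:port [flags] #n`, no `-t` timestamps) is an assumption about the ngrep version in use.

```python
import re
from collections import defaultdict

# Packet header line printed by ngrep for TCP (T) or UDP (U), e.g.
#   T 10.0.0.5:49152 -> 93.184.216.34:80 [AP] #3
# Assumption: no -t timestamp option, IPv4 addresses.
HEADER = re.compile(r"^[TU] (?P<src>\S+):\d+ -> (?P<dst>\S+):\d+")
UA_LINE = re.compile(r"^User-Agent:\s*(?P<ua>.*)$", re.IGNORECASE)

# Constructed sample, shaped like `ngrep -q -W byline 'User-Agent:'` output.
SAMPLE = """\
interface: eth0 (10.0.0.0/255.255.255.0)
match: User-Agent:

T 10.0.0.5:49152 -> 93.184.216.34:80 [AP] #1
GET / HTTP/1.1.
Host: www.example.com.
User-Agent: curl/8.5.0.
.

T 10.0.0.7:50010 -> 93.184.216.34:80 [AP] #2
GET /index.html HTTP/1.1.
user-agent: Mozilla/5.0 (X11; Linux x86_64).
.

T 10.0.0.5:49160 -> 93.184.216.34:80 [AP] #3
GET /a HTTP/1.1.
User-Agent: curl/8.5.0.
.
"""

def user_agents_by_source(text):
    """Map source IP -> {User-Agent: count} from ngrep byline output."""
    seen = defaultdict(lambda: defaultdict(int))
    src = None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            src = m.group("src")  # new packet: remember who sent it
            continue
        m = UA_LINE.match(line)
        if m and src is not None:  # ignore payload with no packet header
            ua = m.group("ua")
            # -W byline prints the CR of each CRLF as a trailing '.'
            if ua.endswith("."):
                ua = ua[:-1]
            seen[src][ua] += 1
    return {ip: dict(uas) for ip, uas in seen.items()}
```

An inventory like this makes it easy to spot hosts that present an unexpected client string or several different ones.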