ngrep strives to provide most of GNU grep's common features, applying them to the network layer. ngrep is a pcap-aware tool that will allow you to specify extended regular or hexadecimal expressions to match against data payloads of packets. It currently recognizes IPv4/6, TCP, UDP, ICMPv4/6, IGMP and Raw across Ethernet, PPP, SLIP, FDDI, Token Ring, and null interfaces, and understands BPF filter logic in the same fashion as more common packet sniffing tools, such as tcpdump and snoop.
|Tags||Software Development Debuggers Networking Monitoring|
|Licenses||BSD Original BSD Revised|
|Operating Systems||Windows POSIX|
Release Notes: This release fixes an under-sized snaplen bug resulting in garbage input to the pattern matcher, a bug in the IPv6/TCP packet length calculation, and a double-free race condition during ngrep termination. It reworks packet length calculation in the main processing loop (yielding a performance improvement), simplifies the build system logic, and changes "-s 0" to match tcpdump behaviour. It adds support for IEEE802_11_RADIO (radiotap).
Release Notes: This release has IPv6 support, improved support for parsing raw protocols, a new mechanism for single-line output, code reorganization to support more protocols, and updated configure to be more informative.
Release Notes: ngrep now builds from the same source tree for all platforms, including Win32. New drop_privs logic was introduced after problems were reported with the SPC version. An off-by-one bug which caused ngrep to exit one packet early with "-A" was fixed. A problematic cfgtest for an old broken-redhat-glibc UDP header was fixed. ngrep now sets a pcap filter "ip" by default if one is not specified. A header offset fix was made for 802.11 processing. Support for IGMP and Raw type packets was added. Support for the latest versions of libpcap, winpcap, and PCRE was added. autoconf was updated to 2.59, and config.guess and config.sub were updated to the latest versions.
Release Notes: Autoconf and the privilege revocation logic were entirely rewritten. Two new output modes were added, regex matches are now conducted in multi-line mode by default, and the abilities to specify the non-printable character, read the BPF filter logic from a file, and force the column width were also added. Program output under quiet mode was improved, and the documentation has been updated.
Release Notes: This release adds LOOP and SLL configure tests, 802.11 support, setuid()/setgid() privilege revocation after startup, TCP ECN support, improved OS support, and relaxed LICENSE restrictions.