Friday, February 1, 2013

ngrep

Another useful network debugging tool:

http://ngrep.sourceforge.net/usage.html

It works much like grep, except that it matches patterns against the payloads of network packets instead of the lines of a file.

You can use -d to specify the Ethernet interface and -x to dump the data in hex. It also has filter primitives such as "port 80" to listen only to web service traffic. The -W byline option helps to expose the line feeds.

 -W normal|byline|single|none
              Specify an alternate manner for displaying packets, when not in hexadecimal mode. The ``byline'' mode honors embedded linefeeds, wrapping text only when a linefeed is encountered (useful for observing HTTP transactions, for instance). The ``none'' mode doesn't wrap under any circumstance (entire payload is displayed on one line). The ``single'' mode is conceptually the same as ``none'', except that everything including IP and source/destination header information is all on one line. ``normal'' is the default mode and is only included for completeness. This option is incompatible with ``-x''.
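
To see why byline is the mode to use for HTTP, here is an added example (not from the original post or the ngrep project) that approximates the payload rendering of the ``none'' and ``byline'' modes with tr, so it runs offline without capturing traffic. The HTTP request and the example.test host are constructed sample data, and eth0 in the comment is an assumed interface name.

```shell
#!/bin/sh
# Approximates how a packet payload is displayed under -W none and -W byline.
# Display rule only: no traffic is captured and no packet header line is shown.
# The live equivalent would be something like (eth0 is an assumed interface):
#   ngrep -d eth0 -W byline port 80

# Constructed sample payload: a minimal HTTP request with CRLF line endings.
sample_payload() {
    printf 'GET /index.html HTTP/1.1\r\nHost: example.test\r\nUser-Agent: demo\r\n\r\n'
}

# -W none: every non-printable byte, CR and LF included, is shown as '.',
# so the whole request collapses onto a single line.
render_none() {
    LC_ALL=C tr -c '[:print:]' '.'
}

# -W byline: linefeeds are honored, every other non-printable byte is shown
# as '.'. The CR of each CRLF therefore appears as a trailing dot.
render_byline() {
    LC_ALL=C tr -c '[:print:]\n' '.'
}

echo '--- -W none ---'
sample_payload | render_none
echo
echo '--- -W byline ---'
sample_payload | render_byline
```

The trailing dot on each byline row is the carriage return of the CRLF pair, not part of the HTTP header value.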
