Judul : Ngrep–Grep patterns in Network traffic
link : Ngrep–Grep patterns in Network traffic
Ngrep–Grep patterns in Network traffic
We have got a lot of packet sniffer/analyzer software out there, I am a self confessed Wireshark & Ettercap lover, but still, when it comes to analyzing network traffic from command line in a fast manner, ngrep is my one of my favourites. Written by Jordan Ritter its used to “grep” traffic patterns from the network interfaces. As per official documentation -
ngrep is a pcap-aware tool that will allow you to specify extended regular or hexadecimal expressions to match against data payloads of packets. It currently recognizes IPv4/6, TCP, UDP, ICMPv4/6, IGMP and Raw across Ethernet, PPP, SLIP, FDDI, Token Ring and null interfaces, and understands BPF filter logic in the same fashion as more common packet sniffing tools, such as tcpdump and snoop.
ngrep runs on Windows & *nix platforms alike and you need WinPCAP to run it since it relies on it.
Once you install it, it by default uses the first interface on your machine, so , make sure to check the detected interfaces by running -
C:\Users\RISHABH\Desktop>ngrep -L
idx dev
--- ---
1: \Device\NPF_{4D491111-D331-42BC-9A33-98EF8C40D422} (Microsoft)
2: \Device\NPF_{ADBF6AC1-D111-463D-8D99-C58FA1BEF979} (Sun)
3: \Device\NPF_{6F801AE0-CA61-4A6D-B5FF-DCB7CE8FC529} (VMware Virtual Ethernet Adapter)
4: \Device\NPF_{930B6EC8-A5E3-4FFA-B68F-F159FDFC2064} (VMware Virtual Ethernet Adapter)
5: \Device\NPF_{D1999293-A041-4C2A-B63F-5D8B4906000F} (Realtek PCIe GBE Family Controller)
exit
Now for example you want to check out whats going on at port 23 using interface 5
C:\Users\RISHABH\Desktop>ngrep -d 5 port 23
interface: \Device\NPF_{D1999293-A041-4C2A-B63F-5D8B4906000F} (192.168.1.0/255.255.255.0)
filter: (ip or ip6) and ( port 23 )
exit
0 received, 0 dropped
Piece of cake.. and if you want to filter any website in you are searching for keyword "password" then :
ngrep -d 5 “password” port 80
Easy aint it ? Ngrep does it all : ] With some complex grep commands , you can become a pcap ninja.
Well, you can
Demikianlah Artikel Ngrep–Grep patterns in Network traffic
Anda sekarang membaca artikel Ngrep–Grep patterns in Network traffic dengan alamat link https://kokonghod.blogspot.com/2013/03/ngrepgrep-patterns-in-network-traffic.html
0 Response to "Ngrep–Grep patterns in Network traffic"
Post a Comment