Pro Hack - Ngrep–Grep patterns in Network traffic In This Issue... Ngrep–Grep patterns in Network traffic More Recent Articles Search Pro Hack We have got a lot of packet sniffer/analyzer software out there, I am a self confessed Wireshark & Ettercap lover, but still, when it comes to analyzing network traffic from command line in a fast manner, ngrep is my one of my favourites. Written by Jordan Ritter its used to "grep" traffic patterns from the network interfaces. As per official documentation - ngrep is a pcap-aware tool that will allow you to specify extended regular or hexadecimal expressions to match against data payloads of packets. It currently recognizes IPv4/6, TCP, UDP, ICMPv4/6, IGMP and Raw across Ethernet, PPP, SLIP, FDDI, Token Ring and null interfaces, and understands BPF filter logic in the same fashion as more common packet sniffing tools, such as tcpdump and snoop. ngrep runs on Windows & *nix platforms alike and you need WinPCAP to run it since it relies on it.  Once you install it, it by default uses the first interface on your machine, so , make sure to check the detected interfaces by running - C:\Users\RISHABH\Desktop>ngrep -L idx     dev ---     --- 1:     \Device\NPF_{4D491111-D331-42BC-9A33-98EF8C40D422} (Microsoft) 2:     \Device\NPF_{ADBF6AC1-D111-463D-8D99-C58FA1BEF979} (Sun) 3:     \Device\NPF_{6F801AE0-CA61-4A6D-B5FF-DCB7CE8FC529} (VMware Virtual Ethernet Adapter) 4:     \Device\NPF_{930B6EC8-A5E3-4FFA-B68F-F159FDFC2064} (VMware Virtual Ethernet Adapter) 5:     \Device\NPF_{D1999293-A041-4C2A-B63F-5D8B4906000F} (Realtek PCIe GBE Family Controller) exit Now for example you want to check out whats going on at port 23 using interface 5 C:\Users\RISHABH\Desktop>ngrep -d 5  port 23 interface: \Device\NPF_{D1999293-A041-4C2A-B63F-5D8B4906000F} (192.168.1.0/255.255.255.0) filter: (ip or ip6) and ( port 23 ) exit 0 received, 0 dropped Piece of cake.. and if you want to filter any website in you are searching for keyword "password" then : ngrep -d 5 "password" port 80 Easy aint it ? Ngrep does it all : ] With some complex grep commands , you can become a pcap ninja. Well, you can Download Ngrep from here Check out documentation and examples here Learn about Wireshark from here Thanks for your readership. Be a Pro,Visit Prohack. RD • Email to a friend • Article Search • View comments • Track comments • More Recent Articles Cisco Type 4 Passwords cracked–Coding mistake endangers devices CARNA Botnet–Researcher maps Internet using botnet Vulnerable SCADA systems in Finland – Shodan,Hackers and Security. Wardriving at Delhi–Wardriving revisited LinkedIn Malware - Profiles hit with 청강아카데미학원

---

Click here to safely unsubscribe from "Pro Hack." Click here to view mailing archives, here to change your preferences, or here to subscribe • Privacy

---

---

Your requested content delivery powered by FeedBlitz, LLC, 9 Thoreau Way, Sudbury, MA 01776, USA. +1.978.776.9498