ngrep
ngrep is like GNU grep applied to the network layer. It's a PCAP-based tool that allows you to specify an extended regular or hexadecimal expression to match against data payloads of packets. It under...
The original PCRE API provided on most systems by libpcre3 is no longer maintained upstream and is superseded by the new PCRE2 API, which was first released in 2015. pcre3...
I had this PR sitting in my fork for some time; completely forgot about it. So here goes: Simply let the `_WIN32` code call `Sleep()`. The `delay_socket` is IMHO just an...
It's quite confusing to think of a device-index when it comes to WinPcap devices. This PR allows an argument for option `-d` to be either a number (> 0 as...
We need to suppress output until we have set up output file. If output file is stdout we keep very quiet. Signed-off-by: Kristian Høgh
Using ngrep with more than 6 filters on a newer kernel version such as 4.18, 5.0, 5.3 or 5.4 will result in a complete fail when libpcap v1.8.1 is used...
In the ngrep manpage, in reference to the `-R` command line option, it reads > Do not try to drop privileges to the DROPPRIVS_USER However, there is no other use...
ngrep currently doesn't search FIX msgs one by one but TCP packet by packet (one TCP packet can contain multiple FIX msgs). The resulting pcap file thus contains not only...
I'm not the best at compiling things so I could be missing something obvious. Trying to compile with tcpkill support on MacOS but it errors with `tcpkill feature enabled but no...
I've tried filtering for DNS queries and can't see an IP in the response, what am I doing wrong? ``` sudo ngrep -W single -l -q -d any -i ""...