Monitor network traffic with ngrep
Takeaway: Linux admins should check out the ngrep tool for monitoring network traffic. Here is an overview of this utility.
When it comes to network monitoring, there are a number of tools available. However, one that administrators often overlook is the network grep (ngrep) tool.
As a network sniffer or monitor, ngrep is similar to tcpdump in many respects. The difference is that it lets you use grep-style patterns to match on packet contents, so you can filter for exactly what you want.
Ngrep's most basic use is to listen to all traffic on an interface. However, you can extend this quite a bit to narrow down what you're looking for. Ngrep's syntax is similar to that of tcpdump. Here's an example:
$ ngrep port 80 and src host 192.168.5.10 and dst host 192.168.5.100
This monitors all traffic on port 80 from the host 192.168.5.10 to the host 192.168.5.100.
If you're interested in watching Telnet traffic, you can do so using ngrep. You can make it only return traffic that shows a login string by using grep-style syntax. Here's an example:
$ ngrep -q -t -wi "login" port 23
This tells ngrep to look for the string "login" as a whole word (-w), ignoring case (-i), in traffic on port 23 for any connection. Telnet is unencrypted, so the payload is available to match. The -q option puts ngrep in quiet mode so it prints only the packets that match, and -t adds a timestamp to each one.
Used in conjunction with tcpdump, ngrep is also valuable for searching standard pcap dump files for patterns. If you have a large dump file from tcpdump, you can examine it with the usual ngrep match expression and filter, naming the input file with the -I parameter. Here's an example:
$ ngrep -I /tmp/packet.dump -wi "login" port 23
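To show what that pcap search does under the hood, here is an added Python example (not part of the original article and not ngrep's own code) that reads a classic pcap file and applies the same two tests: a port filter and a case-insensitive word match on the payload. It assumes little-endian pcap, Ethernet, IPv4 and TCP only, approximates -w with regex word boundaries, and uses a constructed sample capture; the function names are hypothetical.

```python
import re
import struct

def build_pcap(frames):
    """Serialize (ts_sec, frame) pairs as a classic little-endian pcap (Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, frame in frames:
        out += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return out

def tcp_frame(src, dst, sport, dport, payload):
    """Minimal Ethernet/IPv4/TCP frame; checksums are zero, which offline parsing ignores."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp + payload

def grep_pcap(data, word, port):
    """Return (ts, src, dst, payload) for IPv4/TCP packets on `port` containing `word`."""
    if data[:4] != b"\xd4\xc3\xb2\xa1":
        raise ValueError("not a little-endian classic pcap file")
    rx = re.compile(rb"\b" + re.escape(word) + rb"\b", re.IGNORECASE)  # approximates -w -i
    hits, off = [], 24  # records start after the 24-byte global header
    while off + 16 <= len(data):
        ts, _, caplen, _ = struct.unpack_from("<IIII", data, off)
        pkt = data[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00" or pkt[23] != 6:
            continue  # not Ethernet/IPv4/TCP
        tcp = 14 + (pkt[14] & 0x0F) * 4  # IPv4 header length varies with options
        if len(pkt) < tcp + 20:
            continue  # truncated TCP header
        sport, dport = struct.unpack_from("!HH", pkt, tcp)
        if port not in (sport, dport):
            continue  # "port N" matches source or destination
        payload = pkt[tcp + (pkt[tcp + 12] >> 4) * 4:]
        if rx.search(payload):
            src, dst = (".".join(map(str, pkt[i:i + 4])) for i in (26, 30))
            hits.append((ts, f"{src}:{sport}", f"{dst}:{dport}", payload))
    return hits

# Constructed sample capture: only the first and last packets should match.
SAMPLE = build_pcap([
    (1000, tcp_frame("192.168.5.100", "192.168.5.10", 23, 40000, b"\r\nLogin: ")),
    (1001, tcp_frame("192.168.5.10", "192.168.5.100", 40000, 23, b"relogin later")),
    (1002, tcp_frame("192.168.5.10", "192.168.5.100", 40001, 80, b"GET /login HTTP/1.1")),
    (1003, tcp_frame("192.168.5.100", "192.168.5.10", 23, 40000, b"Login incorrect\r\n")),
])
for hit in grep_pcap(SAMPLE, b"login", 23):
    print(*hit)
```

The second packet is on port 23 but contains "login" only inside a longer word, and the third contains the word but is on port 80, so neither is reported.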

