| ngrep.8 (ngrep-1_45) | : | ngrep.8 (ngrep-1_47) |
|---|
| | |
| skipping to change at line 52 | | skipping to change at line 52 |
|---|
| -v Invert the match; only display packets that don't match. | | -v Invert the match; only display packets that don't match. |
| | |
| -x Dump packet contents as hexadecimal as well as ASCII. | | -x Dump packet contents as hexadecimal as well as ASCII. |
| | |
| -l Make stdout line buffered. | | -l Make stdout line buffered. |
| | |
| -D When reading pcap_dump files, replay them at their recorded time i
ntervals (mimic realtime). | | -D When reading pcap_dump files, replay them at their recorded time i
ntervals (mimic realtime). |
| | |
| -t Print a timestamp in the form of YYYY/MM/DD HH:MM:SS.UUUUUU everyt
ime a packet is matched. | | -t Print a timestamp in the form of YYYY/MM/DD HH:MM:SS.UUUUUU everyt
ime a packet is matched. |
| | |
|
| -T Print a timestamp in the form of +S.UUUUUU, indicating the delta b | | -T Print a timestamp in the form of +S.UUUUUU, indicating the delta b |
| etween packet matches. | | etween packet matches. Specify |
| | a second time to indicate the delta since the first packet match. |
| | |
| -R Do not try to drop privileges to the DROPPRIVS_USER. | | -R Do not try to drop privileges to the DROPPRIVS_USER. |
| | |
|
| ngrep makes no effort to validate input from live or offline s | | ngrep makes no effort to validate input from live or offline sourc |
| ources as it is focused more on | | es as it is focused more on |
| performance and handling large amounts of data than protocol corre | | performance and handling large amounts of data than protocol cor |
| ctness, which is most often a | | rectness, which is most often a |
| fair assumption to make. However, sometimes it matters and thus | | fair assumption to make. However, sometimes it matters and thus a |
| as a rule ngrep will try to be | | s a rule ngrep will try to be |
| defensive and drop any root privileges it might have. | | defensive and drop any root privileges it might have. |
| | |
|
| There exist scenarios where this behaviour can become an obstacle, | | There exist scenarios where this behaviour can become an obstacle |
| so this option is provided to | | , so this option is provided to |
| end-users who want to disable this feature, but must do so with | | end-users who want to disable this feature, but must do so with an |
| an understanding of the risks. | | understanding of the risks. |
| Packets can be randomly malformed or even specifically designed to | | Packets can be randomly malformed or even specifically designe |
| overflow sniffers and take | | d to overflow sniffers and take |
| control of them, and revoking root privileges is currently the onl
y risk mitigation ngrep employs | | control of them, and revoking root privileges is currently the onl
y risk mitigation ngrep employs |
| against such an attack. Use this option and turn it off at your o
wn risk. | | against such an attack. Use this option and turn it off at your o
wn risk. |
| | |
| -c cols | | -c cols |
|
| Explicitly set the console width to ``cols''. Note that this is t | | Explicitly set the console width to ``cols''. Note that this is |
| he console width, and not the | | the console width, and not the |
| full width of what ngrep prints out as payloads; depending on | | full width of what ngrep prints out as payloads; depending on the |
| the output mode ngrep may print | | output mode ngrep may print |
| less than ``cols'' bytes per line (indentation). | | less than ``cols'' bytes per line (indentation). |
| | |
| -F file | | -F file |
|
| Read in the bpf filter from the specified filename. This is a co
mpatibility option for users | | Read in the bpf filter from the specified filename. This is a
compatibility option for users |
| familiar with tcpdump. Please note that specifying ``-F'' will ov
erride any bpf filter specified | | familiar with tcpdump. Please note that specifying ``-F'' will ov
erride any bpf filter specified |
| on the command-line. | | on the command-line. |
| | |
| -P char | | -P char |
|
| Specify an alternate character to signify non-printable characters
when displayed. The default | | Specify an alternate character to signify non-printable characte
rs when displayed. The default |
| is ``.''. | | is ``.''. |
| | |
|
| | -K num Kill matching TCP connections (like tcpkill). The numeric argumen |
| | t controls how many RST seg- |
| | ments are sent. |
| | |
| -W normal|byline|single|none | | -W normal|byline|single|none |
| Specify an alternate manner for displaying packets, when not in he
xadecimal mode. The ``byline'' | | Specify an alternate manner for displaying packets, when not in he
xadecimal mode. The ``byline'' |
|
| mode honors embedded linefeeds, wrapping text only when a linefeed | | mode honors embedded linefeeds, wrapping text only when a linefeed |
| is encountered. The ``none'' | | is encountered (useful for |
| mode doesn't wrap under any circumstance (entire payload is disp | | observing HTTP transactions, for instance). The ``none'' mode |
| layed on one line). The ``sin- | | doesn't wrap under any circum- |
| gle'' mode is conceptually the same as ``none'', except that | | stance (entire payload is displayed on one line). The ``single'' |
| everything including IP and | | mode is conceptually the same |
| source/destination header information is all on one line. ``norm | | as ``none'', except that everything including IP and source/destin |
| al'' is the default mode and is | | ation header information is all |
| only included for completeness. This option is incompatible with | | on one line. ``normal'' is the default mode and is only included |
| ``-x''. | | for completeness. This option |
| | is incompatible with ``-x''. |
| | |
| -s snaplen | | -s snaplen |
| Set the bpf caplen to snaplen (default 65536). | | Set the bpf caplen to snaplen (default 65536). |
| | |
| -S limitlen | | -S limitlen |
|
| Set the upper limit on the size of packets that ngrep will look at
. Useful for looking at only | | Set the upper limit on the size of packets that ngrep will look
at. Useful for looking at only |
| the first N bytes of packets without changing the BPF snaplen. | | the first N bytes of packets without changing the BPF snaplen. |
| | |
| -I pcap_dump | | -I pcap_dump |
|
| Input file pcap_dump into ngrep. Works with any pcap-compatible
dump file format. This option | | Input file pcap_dump into ngrep. Works with any pcap-compatible d
ump file format. This option |
| is useful for searching for a wide range of different patterns ove
r the same packet stream. | | is useful for searching for a wide range of different patterns ove
r the same packet stream. |
| | |
| -O pcap_dump | | -O pcap_dump |
| Output matched packets to a pcap-compatible dump file. This featu
re does not interfere with nor- | | Output matched packets to a pcap-compatible dump file. This featu
re does not interfere with nor- |
| mal output to stdout. | | mal output to stdout. |
| | |
| -n num Match only num packets total, then exit. | | -n num Match only num packets total, then exit. |
| | |
| -d dev By default ngrep will select a default interface to listen on. Us
e this option to force ngrep to | | -d dev By default ngrep will select a default interface to listen on. Us
e this option to force ngrep to |
| listen on interface dev. | | listen on interface dev. |
| | |
| -A num Dump num packets of trailing context after matching a packet. | | -A num Dump num packets of trailing context after matching a packet. |
| | |
|
| -W normal|byline|none | | |
| Alter the method by which ngrep displays packet payload. ``normal | | |
| '' mode represents the standard | | |
| behaviour, ``byline'' instructs ngrep to respect embedded linef | | |
| eeds (useful for observing HTTP | | |
| transactions, for instance), and ``none'' results in the payload o | | |
| n one single line (useful for | | |
| scripted processing of ngrep output). | | |
| | |
| -c cols | | |
| Ignore the detected terminal width and force the column width to t | | |
| he specified size. | | |
| | |
| -P char | | |
| Change the non-printable character from the default ``.'' to the c | | |
| haracter specified. | | |
| | | |
| match expression | | match expression |
| A match expression is either an extended regular expression, or i
f the -X option is specified, a | | A match expression is either an extended regular expression, or i
f the -X option is specified, a |
| string signifying a hexadecimal value. An extended regular expr
ession follows the rules as | | string signifying a hexadecimal value. An extended regular expr
ession follows the rules as |
| implemented by the GNU regex library. Hexadecimal expression
s can optionally be preceded by | | implemented by the GNU regex library. Hexadecimal expression
s can optionally be preceded by |
| `0x'. E.g., `DEADBEEF', `0xDEADBEEF'. | | `0x'. E.g., `DEADBEEF', `0xDEADBEEF'. |
| | |
| bpf filter | | bpf filter |
| Selects a filter that specifies what packets will be dumped. If n
o bpf filter is given, all IP | | Selects a filter that specifies what packets will be dumped. If n
o bpf filter is given, all IP |
| packets seen on the selected interface will be dumped. Otherw
ise, only packets for which bpf | | packets seen on the selected interface will be dumped. Otherw
ise, only packets for which bpf |
| filter is `true' will be dumped. | | filter is `true' will be dumped. |
| | |
| skipping to change at line 298 | | skipping to change at line 291 |
|---|
| not ( host vs or ace ) | | not ( host vs or ace ) |
| | |
| Expression arguments can be passed to ngrep as either a single argument o
r as multiple arguments, which- | | Expression arguments can be passed to ngrep as either a single argument o
r as multiple arguments, which- |
| ever is more convenient. Generally, if the expression contains Shell
metacharacters, it is easier to | | ever is more convenient. Generally, if the expression contains Shell
metacharacters, it is easier to |
| pass it as a single, quoted argument. Multiple arguments are concatenat
ed with spaces before being | | pass it as a single, quoted argument. Multiple arguments are concatenat
ed with spaces before being |
| parsed. | | parsed. |
| | |
| DIAGNOSTICS | | DIAGNOSTICS |
| Errors from ngrep, libpcap, and the GNU regex library are all output to s
tderr. | | Errors from ngrep, libpcap, and the GNU regex library are all output to s
tderr. |
| | |
|
| | EXIT STATUS |
| | The ngrep utility exits with one of the following values: |
| | |
| | 0 One or more frames were matched. |
| | 1 No frames were matched. |
| | 2 An error occurred. |
| | 3+ Hell is freezing over, run! |
| | |
| AUTHOR | | AUTHOR |
| Written by Jordan Ritter <jpr5@darkridge.com>. | | Written by Jordan Ritter <jpr5@darkridge.com>. |
| | |
| REPORTING BUGS | | REPORTING BUGS |
|
| Please report bugs to the ngrep's Sourceforge Bug Tracker, located at | | Please report bugs to the ngrep's GitHub Issue Tracker, located at |
| | |
|
| http://sourceforge.net/projects/ngrep/ | | http://github.com/jpr5/ngrep/issues |
| | |
| Non-bug, non-feature-request general feedback should be sent to the autho
r directly by email. | | Non-bug, non-feature-request general feedback should be sent to the autho
r directly by email. |
| | |
| NOTES | | NOTES |
| ALL YOUR BASE ARE BELONG TO US. | | ALL YOUR BASE ARE BELONG TO US. |
| | |
|
| *nux November 2006
NGREP(8) | | *nux September 2017
NGREP(8) |
| | | |
| End of changes. 15 change blocks. |
|---|
| 51 lines changed or deleted | | 48 lines changed or added |
|---|
"Fossies" - the Fresh Open Source Software Archive 