Wednesday, 4 September 2013

How to Search for strings in Network Traffic

Problem: You want to watch network traffic, searching for strings in the transmitted data

Solution: Use ngrep

To search for packets containing data that matches a regular expression and belonging to protocols that match a filter expression:

# ngrep [grep-options] regular-expression [filter-expression]

To search instead for a sequence of binary data:

# ngrep -X hexadecimal-digits [filter-expression]

To sniff packets and save them in a file:

# ngrep -O filename [ -n count] [ -d interface] [-s snap-length] regular-expression [filter-expression]

To read and display the saved network trace data:

# ngrep -I filename regular-expression [filter-expression]
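As an added example (not part of the original post and not ngrep's own code), here is a small Python model of what ngrep does when it reads a saved trace: it walks a pcap file, pulls out each TCP payload, and applies the regular-expression search, the -X hexadecimal search and a `port N` filter expression. The frames, addresses, ports and payloads are constructed sample values (checksums are left at zero, which a real capture would not have).

```python
import re
import struct

def build_tcp_frame(sport, dport, payload):
    # Constructed Ethernet/IPv4/TCP frame; hypothetical addresses, checksums left zero.
    eth = b"\x02" * 12 + b"\x08\x00"                       # dst MAC, src MAC, type IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 1, 0, 64,
                     6, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))  # protocol 6 = TCP
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    return eth + ip + tcp + payload

def write_pcap(frames):
    # Serialise frames as a libpcap file (what ngrep -O writes): global header + records.
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    for ts, frame in enumerate(frames):
        out += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return out

def tcp_payloads(pcap):
    # Yield (sport, dport, payload) for every IPv4/TCP packet in a pcap byte string.
    pos = 24                                               # skip the 24-byte global header
    while pos + 16 <= len(pcap):
        incl_len = struct.unpack_from("<IIII", pcap, pos)[2]
        frame = pcap[pos + 16:pos + 16 + incl_len]
        pos += 16 + incl_len
        if frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                                       # not IPv4 or not TCP
        tcp = frame[14 + (frame[14] & 0x0F) * 4:]          # IHL gives the IP header length
        sport, dport = struct.unpack_from("!HH", tcp, 0)
        yield sport, dport, tcp[(tcp[12] >> 4) * 4:]       # data offset skips TCP options

def ngrep_like(pcap, regex=None, hexdigits=None, port=None):
    # Model of `ngrep -I file [-X hex | regex] [port N]`: payloads passing every check.
    hits = []
    for sport, dport, payload in tcp_payloads(pcap):
        if port is not None and port not in (sport, dport):
            continue                                       # filter expression: port N
        if hexdigits and bytes.fromhex(hexdigits) not in payload:
            continue                                       # -X: raw byte sequence match
        if regex and not re.search(regex.encode(), payload):
            continue                                       # default: regex over payload bytes
        hits.append((sport, dport, payload))
    return hits

# Constructed sample trace: an HTTP request, an FTP login and an ELF binary in transit.
SAMPLE_PCAP = write_pcap([
    build_tcp_frame(51000, 80, b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    build_tcp_frame(51001, 21, b"USER alice\r\n"),
    build_tcp_frame(51002, 8080, b"\x7fELF\x02\x01\x01\x00" + b"\x00" * 8),
])
```

Searching the sample with `hexdigits="7f454c46"` (the ELF magic) shows why -X exists: the first byte is not printable, so a text regex would be awkward where a raw byte sequence is exact.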

Installation: unpack the source, configure it and build it:

# tar -xvzf ngrep-*tar.gz
# cd ngrep
# ./configure --prefix=/usr/local
# make

Then install it into /usr/local as root:

# mkdir -p /usr/local/bin /usr/local/man/man8
# make install
