NewsForge: Network Monitoring with ngrep
Jul 20, 2005, 11:30
By Mayank Sharma
"Constant monitoring and troubleshooting are key to maintaining
a network's availability. With ngrep, you can analyze network
traffic in a manner similar to that of other network sniffers.
However, unlike its brethren, ngrep can match regular expressions
within the network packet payloads. By using its advanced string
matching capabilities, ngrep can look for packets on specified
ports and assist in tracking the usernames and passwords zipping
off the network, as well as all Telnet attempts to the server.
"Ngrep uses the libpcap library, and can also take hexadecimal
expressions for which to capture network traffic. It supports TCP,
UDP, ICMP, IGMP, and Raw protocols across Ethernet, PPP, SLIP,
FDDI, Token Ring, 802.11, and null interfaces. In addition to
listening to live traffic, ngrep can also filter previous tcpdump