Difference between revisions of "Linux tcpdump and ngrep"
| m (Pio2pio moved page Linux tcpdump to Linux tcpdump and ngrep without leaving a redirect: ngrep takes the same/ similar  arguments as tcpdump) | |||
| Line 7: | Line 7: | ||
|    and (src net 10.34.96.128/25 or src net 10.34.97.128/25 or net 10.34.98.128/25)" |    and (src net 10.34.96.128/25 or src net 10.34.97.128/25 or net 10.34.98.128/25)" | ||
| # -q less verbose, -n no-dns, -p? -e expression | # -q less verbose, -n no-dns, -p? -e expression | ||
| </source> | |||
| = ngrep = | |||
| ''ngrep'' is network packet analyzer tool, It is a grep-like tool applied to the network layer – it matches traffic passing over a network interface with ''tcpdump'' like arguments syntax. It supports IPv4/6, TCP, UDP, ICMPv4/6, IGMP as well as Raw. | |||
| <source lang="bash"> | |||
| sudo apt install ngrep | |||
| sudo yum install ngrep | |||
| sudo dnf install ngrep | |||
| </source> | </source> | ||
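Review bot: the added ''ngrep'' description at Line 7 has a comma splice and a missing article ("is network packet analyzer tool, It is a grep-like tool"); suggest "''ngrep'' is a network packet analyzer, a grep-like tool applied to the network layer: it matches traffic passing over a network interface using ''tcpdump''-like argument syntax." The retained comment in the same hunk, "# -q less verbose, -n no-dns, -p? -e expression", also mislabels the switches: in the commands shown the filter expression is the quoted positional argument, not the `-e` flag (which prints the link-level header), and the `-p` marked with "?" disables promiscuous mode; since the page is now documenting ngrep with the same syntax, a correct comment would help readers reuse the expression.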
Revision as of 09:31, 18 August 2018
= Common examples of tcpdump =
== Usage of expressions: and / or with subnets ==
<source lang="bash">
tcpdump -qn -i any -p -e "(dst port 9443 or dst port 22 or dst port 8672) \
  and (src net 10.34.96.128/25 or src net 10.34.97.128/25 or net 10.34.98.128/25)"
tcpdump -qn -i any -p -e "dst port 22 \
  and (src net 10.34.96.128/25 or src net 10.34.97.128/25 or net 10.34.98.128/25)"
# -q less verbose output, -n do not resolve names via DNS, -p do not put the
# interface into promiscuous mode, -e print the link-level header on each line;
# the quoted string is the filter expression (a backslash-newline inside the
# double quotes continues the expression on the next line)
</source>
= ngrep =
''ngrep'' is a network packet analyzer, a grep-like tool applied to the network layer: it matches traffic passing over a network interface, using ''tcpdump''-like argument syntax. It supports IPv4/6, TCP, UDP, ICMPv4/6, IGMP as well as Raw.
<source lang="bash">
sudo apt install ngrep
sudo yum install ngrep
sudo dnf install ngrep
</source>
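The following script is an added example, not part of the original page: it builds the same kind of "(dst port ... or ...) and (src net ... or ...)" expression shown above from a list of ports and source subnets, then shows how one expression serves both tools, with tcpdump writing a capture file and ngrep reading it back. The function names (build_filter, capture_to_file, grep_capture) and the output file name are this example's own; the ports and subnets are the page's. Unlike the page's first expression, which uses plain "net" for the third subnet (matching packets to or from it), the builder prefixes every subnet with "src net", so only traffic originating there is matched.

```shell
#!/bin/sh
# Added example (not from the original page): compose a tcpdump/ngrep
# filter expression and reuse it across both tools.

# build_filter PORTS SUBNETS
#   PORTS   : space-separated destination ports, e.g. "9443 22 8672"
#   SUBNETS : space-separated source networks in CIDR form
# Prints "(dst port A or dst port B) and (src net X or src net Y)".
build_filter() {
    ports=$1
    subnets=$2
    port_expr=""
    for p in $ports; do
        if [ -n "$port_expr" ]; then
            port_expr="$port_expr or "
        fi
        port_expr="${port_expr}dst port $p"
    done
    net_expr=""
    for n in $subnets; do
        if [ -n "$net_expr" ]; then
            net_expr="$net_expr or "
        fi
        net_expr="${net_expr}src net $n"
    done
    printf '(%s) and (%s)\n' "$port_expr" "$net_expr"
}

# capture_to_file IFACE FILTER OUTFILE
#   Same switches as the page: -q quiet, -n no name resolution,
#   -p no promiscuous mode. -w saves the raw packets so the capture
#   can be re-examined offline (needs root or CAP_NET_RAW).
capture_to_file() {
    tcpdump -qn -i "$1" -p -w "$3" "$2"
}

# grep_capture PCAP PATTERN FILTER
#   ngrep accepts the same BPF filter syntax as tcpdump; -q suppresses
#   the per-packet '#' noise and -I reads from a saved capture instead
#   of a live interface. PATTERN is a regex matched against payloads.
grep_capture() {
    ngrep -q -I "$1" "$2" "$3"
}

# Build the page's first expression from its ports and subnets.
FILTER=$(build_filter "9443 22 8672" \
    "10.34.96.128/25 10.34.97.128/25 10.34.98.128/25")
echo "$FILTER"

# Uncomment to run live (requires tcpdump, ngrep and packet-capture rights):
# capture_to_file any "$FILTER" example.pcap
# grep_capture example.pcap 'SSH-' "$FILTER"   # SSH banners on port 22
```

Because the expression is built once and passed unchanged to both commands, a filter that is verified with tcpdump (for example by reading the capture back with `tcpdump -r example.pcap`) can be trusted to select the same packets when ngrep searches their payloads.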