ngrep not showing packets

[dninja at gmail.com (Robin Wood)]

I was missing the -t. I assumed that with just the port filter I would
get results. So this gives just #s

ngrep  'dst port 80' -I x.cap

but then

ngrep  -t '' 'dst port 80' -I x.cap

gives results

Collecting loads of data at the moment so going to try to write some
good filters and scripts to parse through it to see what info I can
get.

BTW, I am running this version in case it makes a difference: ngrep:
V1.45, $Revision: 1.93 $

Thanks for all the replies.

Robin

2009/11/30 Nick Baronian <nbaronian at gmail.com>:
> Toss a -v on the end.
> ngrep -W byline -t '^(GET|POST) ' 'dst host 1.1.1.1 and dst port 80'
> -I /tmp/out.pcap -v
>
> If it helps here is a little cheat sheet with some ngrep junk -
> http://theinterw3bs.com/docs/PacketSniffCraft-CheatSheet.pdf
> nick
>
> On Mon, Nov 30, 2009 at 12:51 PM, Robin Wood <dninja at gmail.com> wrote:
> > Hi
> > I'm playing with ngrep and if I run it without a filter it shows the
> > packets but as soon as I add a filter all I get out is #'s. The number
> > of #s matches the number of packets so the filter is working but it
> > just doesn't show the data.
> >
> > I'm running this on a pcap and have tried running it as root just in
> > case there were privilege problems but that didn't help. tcpdump shows
> > the data correctly.
> >
> > A friend says he has seen this before but can't remember what caused it.
> >
> > Can anyone help?
> >
> > Robin
> > _______________________________________________
> > Pauldotcom mailing list
> > Pauldotcom at mail.pauldotcom.com
> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > Main Web Site: http://pauldotcom.com