PaulDotCom mailing list archives

ngrep not showing packets


From: DPorcello at vermontmutual.com (David Porcello)
Date: Mon, 30 Nov 2009 15:52:49 -0500


Robin, what OS and ngrep syntax are you using? On FreeBSD here's how I would grep for HTTP GET/POST requests over port 80:

ngrep -I capture.cap -q -t 'GET|POST' port 80

When mixing search expressions with filters, the proper placement of ticks is key. On other platforms you may need to 
use double-quotes instead of ticks. Also note that ngrep can't parse captures containing 802.11 frames or VLAN tags 
(while tcpdump can).

More examples on my blog: http://grep8000.blogspot.com.

Hope that helps!
Dave.


-----Original Message-----
From: pauldotcom-bounces at mail.pauldotcom.com [mailto:pauldotcom-bounces at mail.pauldotcom.com] On Behalf Of Robin Wood
Sent: Monday, November 30, 2009 12:51 PM
To: PaulDotCom Mailing List
Subject: [Pauldotcom] ngrep not showing packets

Hi
I'm playing with ngrep and if I run it without a filter it shows the packets but as soon as I add a filter all I get 
out is #'s. The number of #s matches the number of packets so the filter is working but it just doesn't show the data.

I'm running this on a pcap and have tried running it as root just in case there were privilege problems but that didn't 
help. tcpdump shows the data correctly.

A friend says he has seen this before but can't remember what caused it.

Can anyone help?

Robin
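
A pre-check for the two capture properties the reply above mentions (802.11 link types and VLAN-tagged Ethernet frames), as an added example that is not part of the original thread. It reads classic pcap files only, not pcapng; `inspect_pcap`, `build_pcap` and the sample frames are names and data constructed for this illustration.

```python
import struct
import sys

# Link-layer type numbers from the libpcap LINKTYPE_ registry
DLT_EN10MB = 1
DLT_80211 = {105: "IEEE802_11", 119: "PRISM_HEADER",
             127: "IEEE802_11_RADIOTAP", 163: "IEEE802_11_AVS"}
VLAN_ETHERTYPES = {0x8100, 0x88A8}  # 802.1Q and 802.1ad (QinQ)
MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",   # microsecond pcap
          b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">"}   # nanosecond pcap

# Constructed sample frames: zeroed MACs, then EtherType (and a VLAN 10 tag)
PLAIN = bytes(12) + b"\x08\x00" + b"GET / HTTP/1.1\r\n"
TAGGED = bytes(12) + b"\x81\x00\x00\x0a\x08\x00" + b"GET / HTTP/1.1\r\n"


def inspect_pcap(data):
    """Report link type, 802.11 flavour (if any) and VLAN-tagged frame count."""
    if len(data) < 24 or data[:4] not in MAGICS:
        raise ValueError("not a classic pcap file")
    end = MAGICS[data[:4]]  # byte order the capture was written in
    linktype = struct.unpack(end + "I", data[20:24])[0] & 0xFFFF
    summary = {"linktype": linktype, "wifi": DLT_80211.get(linktype),
               "packets": 0, "vlan_tagged": 0}
    off = 24
    while off + 16 <= len(data):
        incl_len = struct.unpack(end + "I", data[off + 8:off + 12])[0]
        frame = data[off + 16:off + 16 + incl_len]
        if len(frame) < incl_len:
            break  # truncated final record
        summary["packets"] += 1
        if linktype == DLT_EN10MB and len(frame) >= 14:
            ethertype = struct.unpack("!H", frame[12:14])[0]
            summary["vlan_tagged"] += ethertype in VLAN_ETHERTYPES
        off += 16 + incl_len
    return summary


def build_pcap(linktype, frames):
    """Build a constructed little-endian pcap in memory (demo input only)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out


if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_pcap(DLT_EN10MB, [PLAIN, TAGGED])
    print(inspect_pcap(data))
```

Run it with a capture path as the first argument; a non-empty `wifi` value or a non-zero `vlan_tagged` count identifies a capture of the kind the reply says to hand to tcpdump instead.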