What is ngrep?
There are many tools used in network analysis. ngrep is the network version of grep. It is used to monitor and analyze all kinds of network traffic, such as HTTP, SMTP and FTP.
Examples of using ngrep are as follows:
ngrep -q port 80 -> Monitors traffic on port 80 (HTTP). Unencrypted data appears as clear text.
ngrep -q port 21 -> Monitors incoming FTP connections to the server; information such as the user name and password can be seen in the requests sent to the server.
ngrep -q -i 'text to be searched' tcp port 80 -> Monitors incoming HTTP requests and prints the content containing the specified value to the screen.
ngrep -W byline port 80 -> Shows the data passing over HTTP line by line.
ngrep -W byline -O /tmp/web.log port 80 -> Saves the matched packets to the web.log file (in pcap format; options go before the port filter).
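Because logins on ports 21 and 80 are visible in clear text, the same byline output can be used to audit your own server for clients that still authenticate without encryption. The script below is an added example, not part of the original page: the function names and the sample capture are constructed, it assumes packet header lines of the form "T src:port -> dst:port [flags]", and it redacts the secrets it finds.

```shell
#!/bin/sh
# Added example: flag cleartext logins in `ngrep -q -W byline` text output.
# Assumption: each packet starts with a header line such as
#   T 10.0.0.5:40112 -> 10.0.0.9:21 [AP]
# followed by its payload lines (byline prints CR as ".").

find_cleartext_auth() {
    awk '
    # Packet header: remember the flow for the payload lines that follow.
    /^[TU] [^ ]+ -> [^ ]+/ { src = $2; dst = $4; next }

    # FTP login commands; strip the "." that stands for the trailing CR.
    /^USER / { u = $2; sub(/\.$/, "", u)
               print "FTP-USER " src " -> " dst " user=" u; next }
    /^PASS / { print "FTP-PASS " src " -> " dst " pass=<redacted>"; next }

    # HTTP Basic auth: base64 is an encoding, not encryption.
    tolower($0) ~ /^authorization: basic / {
               print "HTTP-BASIC " src " -> " dst " credentials=<redacted>" }
    '
}

# Constructed sample capture (hosts, user and password are made up).
sample_capture() {
cat <<'EOF'
T 10.0.0.5:40112 -> 10.0.0.9:21 [AP]
USER alice.

T 10.0.0.5:40112 -> 10.0.0.9:21 [AP]
PASS example-password.

T 10.0.0.7:51820 -> 10.0.0.9:80 [AP]
GET /admin HTTP/1.1.
Host: intranet.example.
Authorization: Basic ZGVtbzpkZW1v.

T 10.0.0.8:40990 -> 10.0.0.9:80 [AP]
GET /index.html HTTP/1.1.
Host: intranet.example.

EOF
}

sample_capture | find_cleartext_auth
```

Each reported flow is a client and service pair that should be moved to an encrypted protocol such as SFTP, FTPS or HTTPS.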