Ngrep Usage (Network Traffic Monitoring)

What is ngrep?

There are many tools used in network analysis. ngrep is the network version of grep: it matches patterns against packet payloads and is used to monitor and analyze all kinds of network traffic, such as HTTP, SMTP and FTP.

Examples of using ngrep are as follows:

ngrep -q port 80 --> Monitors HTTP traffic. Unencrypted data appears as clear text.

ngrep -q port 21 --> Monitors incoming FTP connections to the server; information such as the user name and password can be seen in the requests sent to the server.

ngrep -q -i 'text to be searched' tcp port 80 --> Monitors HTTP requests and prints the content containing the specified value to the screen (-i makes the match case-insensitive).

ngrep -W byline port 80 --> Shows the data passing over HTTP line by line.

ngrep -W byline -O /tmp/web.log port 80 --> Saves the matched packets to the web.log file (-O writes them in pcap format).

ngrep -d any port 25 --> Shows SMTP traffic on all interfaces.

ngrep -d wlan0 port 1234 or 4321 and host --> On the Wi-Fi interface (wlan0), shows traffic on port 1234 or 4321 for IP 12.12.12.12.

ngrep -d wlan0 port 4444 and src and dst --> Shows packets on port 4444 (as source or destination port) that match the given source and destination IP.

ngrep -d wlan0 port 54321 and src and dst not --> Shows packets with the given source IP and port 54321, excluding the given destination IP.
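
An added example, not part of the original article: a small shell filter that reads the output of ngrep -q -W byline and reports cleartext FTP logins and HTTP Basic Authorization headers with the secrets redacted, which helps audit which hosts still send credentials unencrypted. The function names, the sample capture and the assumed header-line layout ("T src -> dst [flags]") are constructed for this illustration.

```shell
#!/bin/sh
# Added example (not from the original article).
# Reads `ngrep -q -W byline` output on stdin and reports cleartext logins
# with the secret redacted. Live use (needs capture privileges):
#   ngrep -q -W byline port 21 or port 80 | flag_cleartext_logins
flag_cleartext_logins() {
    awk '
    # ngrep prints a carriage return as ".", so drop one trailing dot.
    function clean(s) { sub(/\.$/, "", s); return s }

    # Packet header (assumed layout): T 192.0.2.10:51234 -> 192.0.2.20:21 [AP] #4
    $1 == "T" && $3 == "->" { src = $2; dst = $4; next }

    # FTP control channel: remember the user name per client socket.
    /^USER / { user[src] = clean($2); next }
    /^PASS / {
        u = (src in user) ? user[src] : "unknown"
        printf "FTP %s -> %s user=%s password=<redacted>\n", src, dst, u
        next
    }

    # HTTP Basic authentication is only base64-encoded, not encrypted.
    tolower($1) == "authorization:" && tolower($2) == "basic" {
        printf "HTTP-Basic %s -> %s credentials=<redacted>\n", src, dst
    }'
}

# Constructed sample capture (documentation addresses, made-up credentials).
sample_capture() {
    cat <<'EOF'
T 192.0.2.10:51234 -> 192.0.2.20:21 [AP] #4
USER alice.

T 192.0.2.10:51234 -> 192.0.2.20:21 [AP] #6
PASS s3cret.

T 192.0.2.11:40000 -> 192.0.2.20:80 [AP] #9
GET /admin HTTP/1.1.
Host: intranet.example.
Authorization: Basic dXNlcjpwYXNz.
.
EOF
}

sample_capture | flag_cleartext_logins
```

Each reported line names the client and server sockets, so the finding can be traced to the host that should move to an encrypted protocol.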