Ngrep

ngrep <-hXViwqpevxlDtT> <-IO pcap_dump> <-n num> <-d dev> <-A num>
      <-s snaplen> <match expression> <bpf filter>

Options:
-h  Display help/usage information.
-X  Treat the match expression as a hexadecimal string.
    See the explanation of match expression below.
-V  Display version information.
-i  Ignore case for the regex expression.
-w  Match the regex expression as a word.
-q  Be quiet; do not output any information other than
    packet headers and their payloads (if relevant).
-p  Do not put the interface into promiscuous mode.
-e  Show empty packets. Normally empty packets are
    discarded because they have no payload to search. If
    specified, empty packets will be shown, regardless of
    the specified regex expression.
-v  Invert the match; only display packets that do not match.
-x  Dump packet contents as hexadecimal as well as
    ASCII.
-l  Make stdout line buffered.
-D  When reading pcap_dump files, replay them at their
    recorded time intervals (mimic real time).
-t  Print a timestamp in the form of YYYY/MM/DD
    HH:MM:SS.UUUUUU every time a packet is matched.
-T  Print a timestamp in the form of +S.UUUUUU,
    indicating the delta between packet matches.
-s snaplen  Set the bpf caplen to snaplen (default 65536).
-I pcap_dump  Input file pcap_dump into ngrep. Works
    with any pcap-compatible dump file format. This
    option is useful for searching for a wide range of
    different patterns over the same packet stream.