
Mark D. Spivey

"Practical Hacking Techniques and Countermeasures"


-O pcap_dump
    Output matched packets to a pcap-compatible dump file. This feature does not interfere with normal output to stdout.

-n num
    Match only num packets total, then exit.
Chapter 5 (continued)
Tool: Ngrep
Syntax:

-d dev
    By default ngrep will select a default interface to listen on. Use this option to force ngrep to listen on interface dev.

-A num
    Dump num packets of trailing context after matching a packet.

match expression
    A match expression is either an extended regular expression or, if the -X option is specified, a string signifying a hexadecimal value. An extended regular expression follows the rules as implemented by the GNU regex library. Hexadecimal expressions can optionally be preceded by "0x". For example: "DEADBEEF", "0xDEADBEEF".

bpf filter
    Selects a filter that specifies what packets will be dumped. If no bpf filter is given, all IP packets seen on the selected interface will be dumped. Otherwise, only packets for which bpf filter is true will be dumped.

    The bpf filter consists of one or more primitives. Primitives usually consist of an id (name or number) preceded by one or more qualifiers. There are three different kinds of qualifier:

    Type qualifiers say what kind of thing the ID name or number refers to. Possible types are host, net, and port. For example: "host blort", "net 1.2.3", "port 80". If there is no type qualifier, host is assumed.
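
An added example, not from the book or from ngrep's source: a small Python model of how the match expression (regex, or hexadecimal with -X), -n num and -A num described above decide which packets are reported. The function names and sample payloads are constructed for illustration, and Python's re module stands in for the GNU regex library.

```python
import re

# Constructed sample payloads (not captured traffic).
SAMPLE = [
    b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n",
    b"\x00\x01\xde\xad\xbe\xef\x02",
    b"HTTP/1.1 200 OK\r\n\r\n",
    b"keepalive",
]

def compile_match(expr, hex_mode=False):
    """Build a payload predicate from a match expression.

    hex_mode=True models -X: expr is a hex string with an optional 0x prefix.
    Otherwise expr is a regex (Python's re, standing in for GNU regex).
    """
    if hex_mode:
        digits = expr[2:] if expr.lower().startswith("0x") else expr
        if not digits:
            raise ValueError("empty hexadecimal expression")
        needle = bytes.fromhex(digits)  # ValueError on odd length or non-hex
        return lambda payload: needle in payload
    pattern = re.compile(expr.encode())
    return lambda payload: pattern.search(payload) is not None

def ngrep_model(payloads, expr, hex_mode=False, max_matches=None, trailing=0):
    """Return (index, "match" | "context") pairs for a payload sequence.

    max_matches models -n num, trailing models -A num. Assumption: the model
    stops as soon as the -n limit is hit, without emitting trailing context.
    """
    matches = compile_match(expr, hex_mode)
    out, context_left, seen = [], 0, 0
    for i, payload in enumerate(payloads):
        if matches(payload):
            out.append((i, "match"))
            seen += 1
            context_left = trailing
            if max_matches is not None and seen >= max_matches:
                break
        elif context_left > 0:
            out.append((i, "context"))
            context_left -= 1
    return out

if __name__ == "__main__":
    print(ngrep_model(SAMPLE, "0xDEADBEEF", hex_mode=True))
    print(ngrep_model(SAMPLE, "^(GET|POST) ", trailing=1))
    print(ngrep_model(SAMPLE, "HTTP", max_matches=1))
```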

