ngrep: like grep for your network

$ sudo ngrep GET

will find every plaintext HTTP GET request

ngrep syntax

$ ngrep
   [regular expression]
   [BPF filter]

“regular expression” is what to search packets for
“BPF filter” uses the same format as tcpdump!

person: I started using ngrep when I was intimidated by tcpdump and I found it easier (heart)


-d is for device

which network interface to use. same as tcpdump’s -i (try -d any!)

-W byline

prints line breaks as line breaks, not “\n”. Nice when looking at HTTP requests

-I file.pcap -O file.pcap

read/write packets from/to a pcap file
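
To show what the regular expression and the filter each do when reading a pcap, here is an added sketch (not ngrep's own code, and not from the original page) that builds a small constructed pcap in memory and greps its TCP payloads. The `port` argument is a simplified stand-in for a BPF filter like `port 80`; all packets, addresses and hostnames are made up.

```python
import re
import struct

def build_packet(dport, payload):
    """Constructed sample packet: Ethernet + IPv4 + TCP headers, then payload."""
    eth = b"\x00" * 12 + b"\x08\x00"  # zeroed MACs, EtherType IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0,
                     64, 6, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 0x50, 0x18, 8192, 0, 0)
    return eth + ip + tcp + payload

def build_pcap(packets):
    """Classic pcap: 24-byte global header, 16-byte record header per packet."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # 1 = Ethernet
    for pkt in packets:
        out += struct.pack("<IIII", 0, 0, len(pkt), len(pkt)) + pkt
    return out

def grep_pcap(data, pattern, port=None):
    """Return TCP payloads matching pattern; port is a stand-in for a BPF filter."""
    regex, hits, off = re.compile(pattern), [], 24
    while off + 16 <= len(data):
        caplen = struct.unpack_from("<I", data, off + 8)[0]
        pkt = data[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(pkt) < 54 or pkt[12:14] != b"\x08\x00" or pkt[23] != 6:
            continue  # only IPv4 + TCP in this sketch
        tcp = 14 + (pkt[14] & 0x0F) * 4
        if len(pkt) < tcp + 20:
            continue  # truncated TCP header
        sport, dport = struct.unpack_from("!HH", pkt, tcp)
        if port is not None and port not in (sport, dport):
            continue
        payload = pkt[tcp + (pkt[tcp + 12] >> 4) * 4:]
        if payload and regex.search(payload):
            hits.append(payload)
    return hits

# Constructed traffic: two plaintext GETs, one POST, one TLS-looking record.
SAMPLE = build_pcap([
    build_packet(80, b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    build_packet(80, b"POST /login HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    build_packet(8080, b"GET /health HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    build_packet(443, b"\x16\x03\x01\x00\x05\x8a\x11\xf0\x3c\x77"),
])

if __name__ == "__main__":
    for hit in grep_pcap(SAMPLE, rb"^GET ", port=80):
        print(hit.decode("latin-1"))  # real line breaks, like -W byline
```

The port-443 record never matches any text pattern, which is why the page says "plaintext": the search only sees what is readable on the wire.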

