Network grep


Article from Issue 148/2013

Ngrep is a pattern-matching tool that sorts the wheat from the chaff and doubles as a lightweight packet sniffer.

You might want to inspect your network at a very detailed level for a number of legitimate reasons. Much of the time, it’s to debug an application that’s misbehaving and connecting to a server on the wrong port, or maybe a colleague has noticed a slowdown on a particular network link, and you need to diagnose where the sudden flood of multidirectional traffic is coming from.

On the other hand, you might need to check the exact nature of an attack and perform some realtime forensic diagnostics to circumvent it. Leaving the networking aspects aside for a moment, even an admin solely responsible for systems and not networks (an exceptionally rare remit these days, admittedly) needs a highly functional packet sniffer available at all times. Because systems rely so heavily on connectivity for multifaceted Internet usage, it’s imperative for admins to be able to inspect the contents of the network deeply and interpret the results proficiently.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Capture File Filtering with Wireshark

    Wireshark doesn’t just work in real time. If you save a history of network activity in a pcap file using a tool such as tcpdump, you can filter the data with Wireshark to search for evidence.

  • Core Technologies

    Learn what's going on in your network, using Linux and its arsenal of packet capture tools.

  • Backdoors

    Backdoors give attackers unrestricted access to a zombie system. If you plan to stop the bad guys from settling in, you’ll be interested in this analysis of the tools they might use for building a private entrance.

  • Ethtool

    If ping won't solve your network configuration issues, try ethtool, a powerful utility that lets you manage configuration settings for your network interface card.

  • Security Lessons

    Building a network flight recorder with Wireshark.

comments powered by Disqus
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters

Support Our Work

Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.

Learn More