ngrep - network grep
http://ngrep.sourceforge.net/
For both *nix and Windows
Slackware users:
Even though it isn't listed, it compiles under Slackware 8.1, and the author has been notified to update his support page.
Windows users:
Here is a list of trivial modifications required to get this running out of the box on Windows XP with MS Visual Studio 6, using the latest service pack and Platform SDK.
getopt.c ln4
from:
#include <getopt.h>
to:
#include "include/getopt.h"
ngrep.c ln37
from:
#include <getopt.h>
to:
#include "include/getopt.h"
ngrep.c ln39
from:
#include <nettypes.h>
to:
#include "include/nettypes.h"
ngrep.c ln47
from:
#include <pcap.h>
to:
#include "include/pcap.h"
ngrep.c ln48
from:
#include <net/bpf.h>
to:
#include "include/net/bpf.h"
pcap.h ln47
from:
#include <net/bpf.h>
to:
#include "net/bpf.h"
bpf.h ln49
from:
#include <gnuc.h>
to:
#include "include/gnuc.h"
Otherwise, compilation fails with errors that the .h files could not be opened. The author has been notified to update his project workspace file.
Description: ngrep strives to provide most of GNU grep's common features, applying them to the network layer. ngrep is a pcap-aware tool that will allow you to specify extended regular or hexadecimal expressions to match against data payloads of packets. It currently recognizes TCP, UDP and ICMP across Ethernet, PPP, SLIP, FDDI, Token Ring and null interfaces, and understands bpf filter logic in the same fashion as more common packet sniffing tools, such as tcpdump and snoop.