network grep

ngrep strives to provide most of GNU grep's common features, applying them to the network layer. ngrep is a pcap-aware tool that lets you specify extended regular or hexadecimal expressions to match against the data payloads of packets. It currently recognizes TCP, UDP and ICMP across Ethernet, PPP, SLIP, FDDI, Token Ring and null interfaces, and understands bpf filter logic in the same fashion as more common packet sniffing tools such as tcpdump and snoop.

http://www.packetfactory.net/Projects/ngrep/

==== Usage examples ====

ngrep -qd eth1 'www' tcp port 80

Be quiet, look only at tcp packets with either source or dest port 80 on interface eth1, and look for anything matching 'www'.

ngrep -qd le0 in-addr port 53

Look at all packets with either source or dest port 53 on interface le0 that match 'in-addr'. Be quiet.

ngrep 'USER|PASS' tcp port 21

Look only at tcp packets with either source or dest port 21, and look for anything resembling an FTP login.

ngrep -wi 'user|pass' tcp port 21

Look at tcp packets with either source or dest port 21 that match either 'user' or 'pass' (case insensitively) as a whole word.

ngrep -wiA 2 'user|pass' tcp port 21

Alternatively, match either 'user' or 'pass' case insensitively, and also dump the next 2 packets following the match (that match the bpf filter).

----

[[http://www.linuxgazette.com/issue57/eyler2.html|using ngrep by linuxgazette]]

----

-0-; 2-byte languages are not captured well. The source probably needs fixing..

''Nabi-hyung asked me to recommend a packet capture tool, so..''
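The examples above all match an ASCII regex on a live interface. As an added example (not part of this page or of the ngrep project), the script below shows two things the examples do not: how to hand ngrep the raw bytes of a multi-byte string as a hex expression with -X, which sidesteps regex handling of non-ASCII text such as the 2-byte encodings mentioned in the note above, and how to run the match offline over a pcap saved by tcpdump with -I so the result is reproducible. The hex format assumed for -X is contiguous hex digit pairs, optionally prefixed with 0x; the helper names and the sample file name http.pcap are my own.

```bash
#!/bin/sh
# Added example, not from the ngrep project: match a multi-byte string by its raw
# bytes (ngrep -X) and run the search offline over a saved capture (ngrep -I).

# hex_of: print the bytes of $1 as lowercase hex pairs with no separators.
# This is the form I assume ngrep -X accepts (optionally prefixed with 0x).
hex_of() {
    printf '%s' "$1" | od -An -tx1 -v | tr -d ' \n'
}

# ngrep_bytes PATTERN PCAP [bpf filter...]
# Look for the bytes of PATTERN in the pcap file PCAP, restricted by an optional
# bpf filter. -q drops the per-packet '#' markers, -X treats the match expression
# as hex, -I reads from a file instead of a live interface. If ngrep is not
# installed, the command that would have been run is printed instead.
ngrep_bytes() {
    pattern=$1
    pcap=$2
    shift 2
    hex=$(hex_of "$pattern")
    if command -v ngrep >/dev/null 2>&1; then
        ngrep -q -X -I "$pcap" "$hex" "$@"
    else
        echo "ngrep -q -X -I $pcap $hex $*"
    fi
}

# Usage (constructed, needs root for the capture step):
#   tcpdump -i eth1 -s 0 -w http.pcap tcp port 80
#   ngrep_bytes '한글' http.pcap tcp port 80
# The second line searches the saved HTTP traffic for the UTF-8 bytes of '한글'
# (ed959ceab880). If the traffic is EUC-KR encoded, convert the pattern first:
#   hex_of "$(printf '%s' '한글' | iconv -f UTF-8 -t EUC-KR)"
```

Because the pattern is converted to bytes on the shell side, the same approach works for any encoding the capture happens to carry; pick the encoding with iconv to match the traffic, not the terminal.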