ongrep

A cleaned up fork of ngrep for OpenBSD
git clone git://git.sgregoratto.me/ongrep

commit 4de4e7270d7c3929db69986486d7854fd83b3c98
parent 7e0278e05008b335e6b38d235a4113b38710f6d3
Author: Jordan Ritter <jpr5@darkridge.com>
Date:   Mon, 29 Mar 2004 02:09:02 +0000

updated with latest version and usage information

Diffstat:
M README | 24 +++++++++++++++++-------
1 file changed, 17 insertions(+), 7 deletions(-)

diff --git a/README b/README @@ -1,7 +1,7 @@ Program: ngrep Author: Jordan Ritter <jpr5@darkridge.com> -Version: 1.41 (8.9.2003) +Version: 1.42 (3.28.2004) Goal: @@ -24,16 +24,16 @@ Description: Usage: - ngrep <-hXViwqpevxlDtT> <-IO pcap_dump> <-n num> <-d dev> <-A num> - <-s snaplen> <-S limitlen> <match expression> - <bpf filter> + ngrep <-hXViwqpevxlDtTRM> <-IO pcap_dump> <-n num> <-d dev> <-A num> + <-s snaplen> <-S limitlen> <-W normal|byline|none> <-c cols> + <-P char> <-F file> <match expression> <bpf filter> -h is help/usage -X is interpret match expression as hexadecimal -V is version information -i is ignore case -w is word-regex (expression must match as a word) - -q is be quiet + -q is be quiet (don't print packet reception hash marks) -p is don't go into promiscuous mode -e is show empty packets -v is invert match @@ -42,13 +42,19 @@ Usage: -D is replay pcap_dumps with their recorded time intervals -t is print timestamp every time a packet is matched -T is print delta timestamp every time a packet is matched - -s is set the bpf caplen - -S is set the limitlen on matched packets + -R is don't do privilege revocation logic + -M is don't do multi-line match (do single-line match instead) -O is dump matched packets in pcap format to pcap_dump -I is read packet stream from pcap format file pcap_dump -n is look at only num packets -d is use a device different from the default (pcap) -A is dump num packets after a match + -s is set the bpf caplen + -S is set the limitlen on matched packets + -W is set the dump format (normal, byline, none) + -c is force the column width to the specified size + -P is set the non-printable display char to what is specified + -F is read the bpf filter from the specified file <match expression> is either an extended regular expression or a hexadecimal string. see the man page for more 
@@ -89,6 +95,10 @@ Tips: filter: ip and ( not port 80 ) + Please see http://ngrep.sourceforge.net/usage.html for more detailed + examples describing ngrep usage. + + Miscellany: Please see the CREDITS file for a listing of the people who helped
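
Review bot: In the @@ -24,16 +24,16 @@ hunk, the synopsis now lists both `<-F file>` and the trailing `<bpf filter>`, and the `-F` entry added further down says it reads the bpf filter from the specified file, so the README leaves open what happens when both are given. Say whether the two are alternatives or which one takes precedence, either in the synopsis or on the `-F` line.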
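
Review bot: In the @@ -42,13 +42,19 @@ hunk, the new `-R is don't do privilege revocation logic` entry does not say what the default behaviour is or when skipping it is appropriate. Because the flag switches off a safety measure, the line should spell out the consequence, for example `-R is don't do privilege revocation logic (keep the privileges ngrep was started with)`, or point to the man page for the details, as the `<match expression>` paragraph below it already does.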
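
Review bot: In the @@ -89,6 +95,10 @@ hunk, two empty `+` lines follow the new usage.html pointer ahead of `Miscellany:`. One is enough to separate the paragraph from the next section heading; drop the second unless the rest of the README uses double spacing between sections.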