ongrep

A cleaned-up fork of ngrep for OpenBSD
git clone git://git.sgregoratto.me/ongrep

README.md (3246B)


## ngrep 1.47 (9.7.2017)

ngrep is like GNU grep applied to the network layer.  It's a PCAP-based tool
that allows you to specify an extended regular or hexadecimal expression to
match against the data payloads of packets.  It understands many kinds of protocols,
including IPv4/6, TCP, UDP, ICMPv4/6, IGMP and Raw, across a wide variety of
interface types, and understands BPF filter logic in the same fashion as more
common packet sniffing tools, such as tcpdump and snoop.


## What's New

 * Fix "no VLAN support for XXX"-related problems
 * Fix truncated/garbled output (e.g. SIP over SLL/Linux cooked sockets)
 * Change exit behavior to match BSD & GNU grep: 0 when something matched, 1 when nothing did (see manpage)
 * Add Solaris IPnet support
 * Update to use 32-bit values where relevant
 * Emit frame # in header, useful for reference/analysis
 * Emit totals received and matched on exit (the unreliable PCAP stats were dropped)
 * Import Debian patches related to autotools, manpage, and compilation on other platforms
 * Fix build clean/distclean when not linked against the provided GNU regex
 * Fix build --enable/--disable flag processing
 * Fix building under MS VS2012 / Win32
 * Update to latest autotools (2017)


## How to use

ngrep was originally developed to:

* debug plaintext protocol interactions such as HTTP, IMAP, DNS, SIP, etc.
* identify and analyze anomalous network communications such as those between
  malware, zombies and viruses
* store, read and reprocess pcap dump files while looking for specific data
  patterns

It can also be used for plaintext credential collection, e.g. HTTP Basic
Authentication, FTP or POP3 logins, since those protocols send the secret in
the clear and a single regular expression over the payload is enough to pull it
out.  Like all useful tools, it can be used for good and for bad.

Visit [EXAMPLES](EXAMPLES.md) to learn more about how ngrep works and can be
leveraged to see all sorts of neat things.
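The following is an added example, not ngrep's or ongrep's own code: it re-implements the core idea of the section above (read a pcap dump, pull the TCP payload out of each frame, grep it with a regular expression, optionally narrowed to a port the way a BPF `port N` filter would) in pure Python, and uses it to recover an HTTP Basic Authentication credential the way the "plaintext credential collection" remark describes. The three-packet capture, the addresses and the function names (`ngrep_like`, `extract_basic_credentials`) are constructed for illustration; only Ethernet/IPv4/TCP frames are handled, and the credential is decoded from the base64 header value exactly as a server would.

```python
import base64
import re
import struct
from collections import namedtuple

Frame = namedtuple("Frame", "number src sport dst dport payload")


def build_packet(src, dst, sport, dport, payload):
    """Constructed Ethernet/IPv4/TCP frame; checksums are left zero (irrelevant for parsing)."""
    eth = bytes(12) + b"\x08\x00"                      # dst/src MAC, EtherType IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    return eth + ip + tcp + payload


def build_pcap(packets):
    """Constructed pcap file: global header (linktype 1 = Ethernet) plus one record per packet."""
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)]
    for i, pkt in enumerate(packets):
        out.append(struct.pack("<IIII", 1500000000 + i, 0, len(pkt), len(pkt)) + pkt)
    return b"".join(out)


def iter_tcp_frames(pcap):
    """Walk a pcap dump and yield every TCP frame with its payload (IPv4 over Ethernet only)."""
    magic, = struct.unpack("<I", pcap[:4])
    endian = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(magic)
    if endian is None:
        raise ValueError("not a classic pcap file (magic %#x)" % magic)
    linktype, = struct.unpack(endian + "I", pcap[20:24])
    if linktype != 1:
        raise ValueError("only Ethernet (DLT_EN10MB) captures are handled here")
    off, number = 24, 0
    while off + 16 <= len(pcap):
        _, _, caplen, _ = struct.unpack(endian + "IIII", pcap[off:off + 16])
        pkt = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        number += 1                                     # frame # as ngrep 1.47 prints it
        if pkt[12:14] != b"\x08\x00":
            continue                                    # not IPv4
        ip = pkt[14:]
        ihl = (ip[0] & 0x0F) * 4
        if ip[9] != 6:
            continue                                    # not TCP
        total_len = struct.unpack("!H", ip[2:4])[0]     # excludes any Ethernet padding
        tcp = ip[ihl:]
        sport, dport = struct.unpack("!HH", tcp[:4])
        doff = (tcp[12] >> 4) * 4
        src = ".".join(map(str, ip[12:16]))
        dst = ".".join(map(str, ip[16:20]))
        yield Frame(number, src, sport, dst, dport, ip[ihl + doff:total_len])


def ngrep_like(pcap, pattern, port=None):
    """Like `ngrep -I dump.pcap PATTERN port N`: 'port N' matches either endpoint, as in BPF."""
    matches = []
    for fr in iter_tcp_frames(pcap):
        if port is not None and port not in (fr.sport, fr.dport):
            continue
        if pattern.search(fr.payload):
            matches.append(fr)
    return matches


BASIC_AUTH = re.compile(rb"Authorization:\s*Basic\s+([A-Za-z0-9+/=]+)", re.IGNORECASE)


def extract_basic_credentials(pcap):
    """Plaintext credential collection: grep the Basic header on port 80 and base64-decode it."""
    creds = []
    for fr in ngrep_like(pcap, BASIC_AUTH, port=80):
        for m in BASIC_AUTH.finditer(fr.payload):
            creds.append(base64.b64decode(m.group(1)).decode("utf-8", "replace"))
    return creds


# Constructed sample capture: a Basic-auth request, its reply, and an unrelated SMTP greeting.
SAMPLE_PCAP = build_pcap([
    build_packet("10.0.0.2", "10.0.0.1", 40000, 80,
                 b"GET /admin HTTP/1.1\r\nHost: intranet\r\nAuthorization: Basic "
                 + base64.b64encode(b"alice:s3cret") + b"\r\n\r\n"),
    build_packet("10.0.0.1", "10.0.0.2", 80, 40000,
                 b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n"),
    build_packet("10.0.0.2", "10.0.0.3", 40001, 25, b"EHLO laptop.example\r\n"),
])

if __name__ == "__main__":
    hits = ngrep_like(SAMPLE_PCAP, re.compile(rb"HTTP/1\.[01]"))
    for fr in hits:
        print(f"#{fr.number} {fr.src}:{fr.sport} -> {fr.dst}:{fr.dport} {fr.payload[:32]!r}")
    print("received: 3, matched:", len(hits))
    print("credentials:", extract_basic_credentials(SAMPLE_PCAP))
    raise SystemExit(0 if hits else 1)                  # grep-style exit status, as in 1.47
```

The port filter is applied before the regex, which is the order that matters on a busy interface: the BPF expression runs in the kernel and discards most traffic before ngrep ever sees a payload, whereas the regular expression is evaluated in user space on every frame that survives the filter.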


## Support, Feedback, & Patches

If you need help, have constructive feedback, or would like to submit a patch,
please visit ngrep's project at GitHub and use the online tools there.  It will
help the author better manage the various requests and patches so that nothing
is lost or missed (as has been the case in the past, unfortunately).

* Issues: https://github.com/jpr5/ngrep/issues
* Patches: https://github.com/jpr5/ngrep/pulls


## Confirmed Working Platforms

* Linux 2.0+ (RH6+, SuSE, TurboLinux, Debian, Gentoo, Ubuntu, Mandrake, Slackware)/x86, RedHat/alpha Cobalt, (Qube2) Linux/MIPS
* Solaris 2.5.1, 2.6/SPARC, Solaris 7, Solaris 8/SPARC, Solaris 9/SPARC
* FreeBSD 2.2.5, 3.1, 3.2, 3.4-RC, 3.4-RELEASE, 4.0, 5.0
* OpenBSD 2.4 (after upgrading pcap from 0.2), 2.9, 3.0, 3.1+
* NetBSD 1.5/SPARC
* Digital Unix V4.0D (OSF/1), Tru64 5.0, Tru64 5.1A
* HPUX 11
* IRIX
* AIX 4.3.3.0/PowerPC
* BeOS R5
* Mac OS X 10+
* GNU HURD
* Windows 95, 98, NT, 2000, XP, 2003/x86, 7, 8, 8.1, 10


## Miscellany

Please see [CREDITS](CREDITS) for a partial list of the many people who helped make ngrep
what it is today.  Also, please note that ngrep is released under a simple
BSD-style license, though depending on which regex library you compile
against, you'll either get the GPL (GNU regex) or Artistic (PCRE).

 * Unix libpcap: http://www.tcpdump.org/release/
 * Windows libpcap: http://www.winpcap.org/install/
 * PCRE: http://www.pcre.org/