ngrep – Network Grep for Packet Payloads

ngrep (network grep) applies the power of GNU grep to network traffic, allowing you to search packet payloads using regular expressions. It’s incredibly useful for debugging protocols, finding specific content in network streams, and analyzing application-layer data in real-time or from capture files.

Unlike tcpdump, which focuses on packet headers, ngrep excels at examining packet contents. This makes it invaluable for troubleshooting application protocols, searching for sensitive data in transit, and understanding how applications communicate over the network.

Key Features

  • Regex Matching – Full PCRE regular expression support
  • Payload Search – Search inside packet data
  • Protocol Support – TCP, UDP, ICMP, and more
  • BPF Filters – Combine with tcpdump-style filters
  • File Support – Read from pcap files
  • Real-Time Analysis – Live packet inspection

Installation

sudo apt install ngrep    # Debian/Ubuntu
sudo dnf install ngrep    # Fedora/RHEL

Basic Usage Examples

# Search for string in all traffic
sudo ngrep -d eth0 "password"

# HTTP requests only
sudo ngrep -d eth0 "GET|POST" port 80

# Case-insensitive search
sudo ngrep -i -d eth0 "error"

# Match specific host
sudo ngrep -d eth0 "login" host 192.168.1.100

# Read from pcap file
ngrep -I capture.pcap "session"

# Show timestamps
sudo ngrep -t -d eth0 "HTTP"

# Quiet mode (just matches)
sudo ngrep -q -d eth0 "secret"
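The same payload search in Python, as an added example that is not part of this page or of the ngrep project: a minimal reimplementation of `ngrep -I capture.pcap PATTERN`, run against a constructed pcap holding three HTTP segments (the sample packets, addresses and helper names are assumptions, not captured traffic). It walks the pcap record by record, extracts each TCP payload and applies the regex, mirroring the -i case-insensitive flag, so the "Security Auditing" use case of spotting a credential sent in clear text can be checked offline.

```python
"""Mini network grep: regex-search TCP payloads in a pcap, like `ngrep -I file.pcap PATTERN`."""
import re
import struct

def tcp_payload(frame: bytes):
    """Return (src_ip, dst_ip, payload) for an Ethernet/IPv4/TCP frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":      # EtherType must be IPv4
        return None
    ihl = (frame[14] & 0x0F) * 4                             # IPv4 header length in bytes
    if frame[23] != 6:                                       # IP protocol 6 = TCP
        return None
    src = ".".join(map(str, frame[26:30]))
    dst = ".".join(map(str, frame[30:34]))
    tcp = 14 + ihl
    doff = (frame[tcp + 12] >> 4) * 4                        # TCP data offset in bytes
    return src, dst, frame[tcp + doff:]

def grep_pcap(data: bytes, pattern: str, ignore_case: bool = False):
    """Return (src, dst, payload) for every TCP segment whose payload matches pattern."""
    rx = re.compile(pattern.encode(), re.IGNORECASE if ignore_case else 0)
    (magic,) = struct.unpack_from("<I", data, 0)
    end = "<" if magic == 0xA1B2C3D4 else ">"                # pcap magic fixes the byte order
    off, hits = 24, []                                       # skip the 24-byte global header
    while off + 16 <= len(data):
        _, _, incl_len, _ = struct.unpack_from(end + "IIII", data, off)
        off += 16
        frame, off = data[off:off + incl_len], off + incl_len
        parsed = tcp_payload(frame)
        if parsed and rx.search(parsed[2]):
            hits.append(parsed)
    return hits

# --- constructed sample capture (assumed addresses, not a real trace) ---
def _frame(payload: bytes, src=b"\xc0\xa8\x01\x64", dst=b"\x0a\x00\x00\x05") -> bytes:
    eth = b"\x00" * 12 + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0, src, dst)
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    return eth + ip + tcp + payload

def sample_pcap() -> bytes:
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)   # linktype 1 = Ethernet
    for pl in (b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n",
               b"POST /login HTTP/1.1\r\nHost: example.test\r\n\r\nuser=bob&Password=hunter2",
               b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\nok"):
        fr = _frame(pl)
        out += struct.pack("<IIII", 1700000000, 0, len(fr), len(fr)) + fr
    return out

if __name__ == "__main__":
    for src, dst, payload in grep_pcap(sample_pcap(), "password", ignore_case=True):
        print(f"{src} -> {dst}: {payload!r}")               # the clear-text credential
```

Without `ignore_case=True` the "Password=" field is missed, which is exactly why the page's -i example matters when auditing for leaked credentials.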

Use Cases

  • Protocol Debugging – Inspect HTTP, SMTP, DNS payloads
  • Security Auditing – Find unencrypted credentials
  • Application Analysis – Understand API communications
  • Data Loss Prevention – Detect sensitive data in transit
  • Malware Analysis – Search for C2 communications
