hoodwink.d enhanced
 

juretta.com

Monitoring network traffic with ngrep | July 27, 2007-->

July 27, 2007

There are many tools to monitor network traffic. Wading through lines and lines of tcpdump output can be cumbersome sometimes. ngrep to the rescue. From their website:

ngrep strives to provide most of GNU grep's common features, applying them to the network layer.

To install ngrep on a Mac OS X machine you can use the port command if you have darwinports installed.

macbook:~ sudo port install ngrep
To monitor network traffic using the htt protocol use the following command:
macbook:~ sudo ngrep -d en0 -W byline port 80 ## T 66.35.250.209:80 -> 10.200.1.40:50710 [AP] HTTP/1.1 200 OK. Date: Fri, 27 Jul 2007 13:45:05 GMT. Server: Apache/1.3.33 (Unix) PHP/4.3.10. Last-Modified: Tue, 28 Nov 2006 13:54:21 GMT. ETag: "219bab-160c-456c3f8d". Accept-Ranges: bytes. Content-Length: 5644. Connection: close. Content-Type: text/html. [...]

To monitor the traffic to a certain host include the host information:

macbook:~ sudo ngrep -d en0 -W byline host google.com

Hint use ifconfig to figure out which device to use (in my case it is en0, it might be eth0 for example on your machine).

Ngrep homepage: http://ngrep.sourceforge.net/
For usage information you can find more information here: http://ngrep.sourceforge.net/usage.html.

@06:30 | Comments: 0 | Tags: Mac (18)
Diggman

About

juretta.com is the personal workspace of Stefan Saasen. You can send him an email or read more about this site in the „About“ section.

« Previous entry

Google Developer Day 2007 Hamburg
posted about 1 year ago

» Next entry

List open ports on your machine (Mac ...
posted about 1 year ago

Recent comment

On: “Attachr.com: OpenID support added

You need to kill this spam stuff!

posted about 1 year ago by entropie

Look!

Latest links  RSS  

More...