ngrep
Developer: Jordan Ritter
Stable release: 1.49.0[1] / 8 February 2026
Written in: C
Operating system: Linux, Solaris, illumos, FreeBSD, NetBSD, OpenBSD, Mac OS X, additional *NIX systems, Windows
Type: Packet analyzer
License: BSD-style[2]
Website: https://github.com/jpr5/ngrep[3]

ngrep (network grep) is a network packet analyzer written by Jordan Ritter. It has a command-line interface, and relies upon the pcap library and the GNU regex library.

ngrep supports Berkeley Packet Filter (BPF) logic to select network sources or destinations or protocols, and also allows matching patterns or regular expressions in the data payload of packets using GNU grep syntax, showing packet data in a human-friendly way.

ngrep is an open source application, and the source code is available to download from the ngrep site on GitHub. It can be compiled and ported to multiple platforms. It works on many UNIX-like operating systems (Linux, Solaris, illumos, BSD, AIX) and also on Microsoft Windows.[4]

Functionality


ngrep is similar to tcpdump, but it has the ability to look for a regular expression in the payload of the packet, and show the matching packets on a screen or console. It allows users to see all unencrypted traffic being passed over the network, by putting the network interface into promiscuous mode.

With an appropriate BPF filter, ngrep can be used to debug plain-text protocol interactions such as HTTP, SMTP, FTP, and DNS, among others, or to search for a specific string or pattern using grep regular expression syntax.[5][6]

ngrep can also be used to capture traffic on the wire and store it in pcap dump files, or to read files generated by other sniffer applications such as tcpdump or Wireshark.

ngrep has various options, given as command-line arguments. The ngrep man page on UNIX-like operating systems shows a list of the available options.

Using ngrep


In these examples, eth0 is assumed to be the network interface in use.

  • Capture network traffic incoming/outgoing to/from the eth0 interface and show parameters following HTTP (TCP/80) GET or POST methods
    ngrep -l -q -d eth0 -i "^GET |^POST " tcp and port 80
  • Capture network traffic incoming/outgoing to/from the eth0 interface and show the HTTP (TCP/80) User-Agent string
    ngrep -l -q -d eth0 -i "User-Agent: " tcp and port 80
  • Capture network traffic incoming/outgoing to/from the eth0 interface and show the DNS (UDP/53) queries and responses
    ngrep -l -q -d eth0 -i "" udp and port 53
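
The matching model behind these commands (select packets by protocol and port, then apply a case-insensitive regular expression to each payload) can be reproduced offline against a pcap file. The following Python sketch is an added example, not ngrep's own code; the helper names (frame, pcap, packets, ngrep_like) and the sample traffic are constructed for illustration, and it handles only classic little-endian pcap with Ethernet/IPv4.

```python
import re
import struct

def frame(proto, sport, dport, payload):  # constructed Ethernet+IPv4+TCP/UDP frame
    if proto == 6:    # TCP: 20-byte header, data offset 5, flags PSH+ACK
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    else:             # UDP: 8-byte header
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4) + len(payload), 0, 0,
                     64, proto, 0, bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    return b"\x00" * 12 + b"\x08\x00" + ip + l4 + payload

def pcap(frames):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f  # 16-byte record header
    return out

def packets(data):
    """Yield (proto, sport, dport, payload) for each IPv4 TCP/UDP packet."""
    if len(data) < 24 or struct.unpack_from("<I", data)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap file")
    off = 24
    while off + 16 <= len(data):
        caplen = struct.unpack_from("<I", data, off + 8)[0]
        pkt, off = data[off + 16:off + 16 + caplen], off + 16 + caplen
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00":
            continue                                  # not IPv4 over Ethernet
        proto, l4 = pkt[23], 14 + (pkt[14] & 0x0F) * 4
        if proto not in (6, 17) or len(pkt) < l4 + (20 if proto == 6 else 8):
            continue                                  # other protocol or truncated
        sport, dport = struct.unpack_from("!HH", pkt, l4)
        hdr = (pkt[l4 + 12] >> 4) * 4 if proto == 6 else 8
        end = 14 + struct.unpack_from("!H", pkt, 16)[0]  # IP total length drops padding
        yield proto, sport, dport, pkt[l4 + hdr:end]

def ngrep_like(data, pattern, proto, port):
    """Approximates: ngrep -q -i PATTERN <proto> and port <port>; empty payloads skipped."""
    rx = re.compile(pattern, re.IGNORECASE)
    return [(s, d, p) for pr, s, d, p in packets(data)
            if pr == proto and port in (s, d) and p and rx.search(p)]

SAMPLE = pcap([  # constructed traffic, documentation addresses only
    frame(6, 40000, 80, b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    frame(6, 40001, 80, b"post /login HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    frame(6, 40002, 8080, b"GET /other HTTP/1.1\r\n\r\n"),
    frame(6, 40000, 80, b"") + b"\x00" * 6,   # bare ACK with Ethernet padding
    frame(17, 40003, 53, b"\x12\x34constructed, not a real DNS message"),
])
```

Calling ngrep_like(SAMPLE, rb"^GET |^POST ", 6, 80) returns the two port-80 requests, including the lowercase "post", while the port-8080 request and the padded ACK are left out.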

Security


Capturing raw network traffic from an interface requires special privileges or superuser privileges on some platforms, especially on Unix-like systems. ngrep's default behavior is to drop privileges on those platforms, running under a specific unprivileged user.

Like tcpdump, it is also possible to use ngrep for the specific purpose of intercepting and displaying the communications of another user or computer, or an entire network.

A privileged user running ngrep on a server or workstation connected to a device configured with port mirroring on a switch, router, or gateway, or connected to any other device used for network traffic capture on a LAN, MAN, or WAN, can watch all unencrypted information related to login IDs, passwords, or URLs and content of websites being viewed in that network.

Supported protocols


See also


References

  1. ^ "Release 1.49.0". 8 February 2026. Retrieved 3 April 2026.
  2. ^ LICENSE.txt file in the tarball
  3. ^ https://api.github.com/repos/jpr5/ngrep. Retrieved 29 July 2018.
  4. ^ ngrep supported platforms
  5. ^ ngrep and regular expressions
  6. ^ ngrep usage