Linux系統中字符串搜索命令ngrep的用法
添加時間:2016-2-22 3:36:53
添加:
思海網絡
ngrep 是grep的網絡版,他力求更多的grep特征,用于搜尋指定的數據包。由于安裝ngrep需用到ibpcap庫, 所以支持大量的操作系統和網絡協議,能識別TCP、UDP和ICMP包。
安裝ngrep
下載地址
代碼如下:
git clone git://git.code.sf.net/p/ngrep/code ngrep-code
進入目錄
代碼如下:
cd ngrep-code
./configure --with-pcap-includes=/usr/local/include/pcap
make
make install
選項
-h is help/usage
-V is version information
-q is be quiet (don't print packet reception hash marks)靜默模式,如果沒有此開關,未匹配的數據包都以“#”顯示
-e is show empty packets 顯示空數據包
-i is ignore case 忽略大小寫
-v is invert match 反轉匹配
-R is don't do privilege revocation logic
-x is print in alternate hexdump format 以16進制格式顯示
-X is interpret match expression as hexadecimal 以16進制格式匹配
-w is word-regex (expression must match as a word) 整字匹配
-p is don't go into promiscuous mode 不使用混雜模式
-l is make stdout line buffered
-D is replay pcap_dumps with their recorded time intervals
-t is print timestamp every time a packet is matched在每個匹配的包之前顯示時間戳
-T is print delta timestamp every time a packet is matched顯示上一個匹配的數據包之間的時間間隔
-M is don't do multi-line match (do single-line match instead)僅進行單行匹配
-I is read packet stream from pcap format file pcap_dump 從文件中讀取數據進行匹配
-O is dump matched packets in pcap format to pcap_dump 將匹配的數據保存到文件
-n is look at only num packets 僅捕獲指定數目的數據包進行查看
-A is dump num packets after a match匹配到數據包后Dump隨后的指定數目的數據包
-s is set the bpf caplen
-S is set the limitlen on matched packets
-W is set the dump format (normal, byline, single, none) 設置顯示格式byline將解析包中的換行符
-c is force the column width to the specified size 強制顯示列的寬度
-P is set the non-printable display char to what is specified
-F is read the bpf filter from the specified file 使用文件中定義的bpf(Berkeley Packet Filter)
-N is show sub protocol number 顯示由IANA定義的子協議號
-d is use specified device (index) instead of the pcap default
應用舉例:
捕獲所有post請求(加個-W byline 參數后,將解析包中的換行符):
代碼如下:
ranger@ranger:~$ sudo ngrep -q -W byline "(POST).*"
interface: eth0 (192.168.122.0/255.255.254.0)
match: (POST).*
T 192.168.122.74:46048 -> 140.207.228.58:80 [A]
POST /Hotel/OTA_HotelSearch.asmx?wsdl HTTP/1.1.
Content-Type: text/xml; charset=UTF-8.
SOAPAction: http://ctrip.com/Request.
Accept-Encoding: gzip, deflate.
Content-Length: 1330.
Accept: */*.
Accept-Language: zh-cn.
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0).
UA-CPU: x86.
Accept-Encoding: gzip, deflate.
Connection: close.
Host: openapi.ctrip.com.
.
<?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"> <soap:Body> <Request xmlns="http://ctrip.com/"> <requestXML><Request>
<Header AllianceID="***" SID="***" TimeStamp="1393554304685" RequestType="OTA_HotelSearch" Signature="B166CDF5422A6DA5BA81A08036E938E7"/>
<HotelRequest>
<RequestBody xmlns:ns="http://www.opentravel.org/OTA/2003/05" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<ns:OTA_HotelSearchRQ Version="1.0" PrimaryLangID="zh"
xsi:schemaLocation="http://www.opentravel.org/OTA/2003/05 OTA_HotelSearchRQ.xsd"
關鍵字:Linux、系統、命令、ngrep
新文章:
- CentOS7下圖形配置網絡的方法
- CentOS 7如何添加刪除用戶
- 如何解決centos7雙系統后丟失windows啟動項
- CentOS單網卡如何批量添加不同IP段
- CentOS下iconv命令的介紹
- Centos7 SSH密鑰登陸及密碼密鑰雙重驗證詳解
- CentOS 7.1添加刪除用戶的方法
- CentOS查找/掃描局域網打印機IP講解
- CentOS7使用hostapd實現無AP模式的詳解
- su命令不能切換root的解決方法
- 解決VMware下CentOS7網絡重啟出錯
- 解決Centos7雙系統后丟失windows啟動項
- CentOS下如何避免文件覆蓋
- CentOS7和CentOS6系統有什么不同呢
- Centos 6.6默認iptable規則詳解