Robin, what OS and ngrep syntax are you using? On FreeBSD here's how I would 
grep for HTTP GET/POST requests over port 80:

ngrep -I capture.cap -q -t 'GET|POST' port 80

When mixing search expressions with filters, the proper placement of ticks is 
key. On other platforms you may need to use double-quotes instead of ticks. 
Also note that ngrep can't parse captures containing 802.11 frames or VLAN tags 
(while tcpdump can).

More examples on my blog: http://grep8000.blogspot.com.

Hope that helps!
Dave.


-----Original Message-----
From: [email protected] 
[mailto:[email protected]] On Behalf Of Robin Wood
Sent: Monday, November 30, 2009 12:51 PM
To: PaulDotCom Mailing List
Subject: [Pauldotcom] ngrep not showing packets

Hi
I'm playing with ngrep and if I run it without a filter it shows the packets 
but as soon as I add a filter all I get out is #'s. The number of #s matches 
the number of packets so the filter is working but it just doesn't show the 
data.

I'm running this on a pcap and have tried running it as root just in case there 
were privilege problems but that didn't help. tcpdump shows the data correctly.

A friend says he has seen this before but can't remember what caused it.

Can anyone help?

Robin
_______________________________________________
Pauldotcom mailing list
[email protected]
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
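
A pre-flight check for the capture types Dave's reply says ngrep can't parse (802.11 frames, VLAN tags), as an added example that is not part of the original thread. It reads classic libpcap files only (not pcapng); `inspect_pcap` and the sample bytes are constructed for illustration.

```python
import struct

# Link-layer type values from the pcap file format (tcpdump.org LINKTYPE_ registry).
LINKTYPE_ETHERNET = 1
WIFI_LINKTYPES = {105: "802.11", 119: "802.11 + Prism", 127: "802.11 + radiotap"}
ETHERTYPE_VLAN = 0x8100  # 802.1Q tag sits where the EtherType normally is


def inspect_pcap(data: bytes) -> dict:
    """Report the link type and count 802.1Q-tagged frames in a classic pcap."""
    if len(data) < 24:
        raise ValueError("too short for a pcap global header")
    magic = data[:4]
    if magic == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif magic == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic (microsecond) pcap file")
    linktype = struct.unpack(endian + "I", data[20:24])[0]
    report = {"linktype": linktype, "wifi": WIFI_LINKTYPES.get(linktype),
              "packets": 0, "vlan_tagged": 0}
    offset = 24
    while offset + 16 <= len(data):
        # Per-record header: ts_sec, ts_usec, incl_len, orig_len (4 bytes each).
        incl_len = struct.unpack(endian + "I", data[offset + 8:offset + 12])[0]
        frame = data[offset + 16:offset + 16 + incl_len]
        if len(frame) < incl_len:
            break  # truncated final record
        report["packets"] += 1
        if linktype == LINKTYPE_ETHERNET and len(frame) >= 14:
            if struct.unpack("!H", frame[12:14])[0] == ETHERTYPE_VLAN:
                report["vlan_tagged"] += 1
        offset += 16 + incl_len
    return report


def _record(frame: bytes) -> bytes:
    return struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame


# Constructed sample: Ethernet capture with one plain IPv4 frame and one VLAN-tagged frame.
_HDR = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
_MACS = b"\x02" * 6 + b"\x04" * 6
SAMPLE = (_HDR + _record(_MACS + b"\x08\x00" + b"\x00" * 20)
          + _record(_MACS + b"\x81\x00\x00\x0a\x08\x00" + b"\x00" * 20))

if __name__ == "__main__":
    print(inspect_pcap(SAMPLE))
```

A non-empty `wifi` value or a non-zero `vlan_tagged` count marks a capture that falls under the limitation described in the reply, where tcpdump is the tool to reach for.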
