tdger.blogg.se

Tcpdump wireshark tutorial




ngrep -q '8005551212' -W byline port 5060
# only shows packets on 5060 with 8005551212 inside the payload

For a more in-depth tutorial on using ngrep check out this post by Jonathan Manning.

ngrep -d any port 5060 -W byline > outfile.txt

-d is use specified device instead of the pcap default
-F is read the bpf filter from the specified file
-P is set the non-printable display char to what is specified
-c is force the column width to the specified size
-W is set the dump format (normal, byline, single, none)


-S is set the limitlen on matched packets
-O is dump matched packets in pcap format to pcap_dump
-I is read packet stream from pcap format file pcap_dump
-M is don't do multi-line match (do single-line match instead)
-T is print delta timestamp every time a packet is matched
-t is print timestamp every time a packet is matched
-D is replay pcap_dumps with their recorded time intervals
-w is word-regex (expression must match as a word)
-X is interpret match expression as hexadecimal


-R is don't do privilege revocation logic
-q is be quiet (don't print packet reception hash marks)





