ngrep – network grep
This tool is a life saver. I had to use it today to debug some mail issues; a client could not log in. If you know how to use it, you will know everything that is happening on your network – in and out.
Anyway, I would like to say thanks to the makers: ngrep.sourceforge.net
ngrep strives to provide most of GNU grep’s common features, applying them to the network layer. ngrep is a pcap-aware tool that will allow you to specify extended regular or hexadecimal expressions to match against data payloads of packets. It currently recognizes IPv4/6, TCP, UDP, ICMPv4/6, IGMP and Raw across Ethernet, PPP, SLIP, FDDI, Token Ring and null interfaces, and understands BPF filter logic in the same fashion as more common packet sniffing tools, such as tcpdump and snoop.
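Basic Usage:
- ngrep -d any port 25
Monitor all activity crossing source or destination port 25 (SMTP).
- ngrep -d any 'error' port syslog
Monitor any network-based syslog traffic for the word “error”. See all errors on your network.
- ngrep -wi -d any 'user|pass' port 21
Monitor all activity crossing source or destination port 21 (FTP), matching “user” or “pass” case-insensitively (-i) and as whole words (-w).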
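Each command above pairs a BPF filter (which packets to look at) with an expression matched against the payload. The following Python code is an added example, not part of the original post or of ngrep: it emulates that two-stage matching on constructed packets, the names `Packet`, `port`, `payload_regex` and `ngrep_like` are hypothetical, and Python's `\b` is used as an approximation of ngrep's `-w` word matching.

```python
import re
from typing import NamedTuple

class Packet(NamedTuple):
    sport: int
    dport: int
    payload: bytes

# Constructed sample traffic (not a real capture); syslog is UDP port 514.
SAMPLE = [
    Packet(40112, 21, b"USER alice\r\n"),
    Packet(21, 40112, b"331 Password required for alice\r\n"),
    Packet(40112, 21, b"PASS example-secret\r\n"),
    Packet(40112, 21, b"CWD /home/username\r\n"),
    Packet(51000, 25, b"EHLO client.example\r\n"),
    Packet(514, 514, b"<11>app: disk error on sda\n"),
    Packet(514, 514, b"<14>app: backup finished\n"),
]

def port(n):
    """Stand-in for the BPF expression 'port n': source OR destination."""
    return lambda p: n in (p.sport, p.dport)

def payload_regex(pattern, ignore_case=False, word=False):
    """Compile the match expression; word/ignore_case mirror -w and -i."""
    if word:
        # Group first so the word boundaries apply to every alternative.
        pattern = rb"\b(?:" + pattern + rb")\b"
    return re.compile(pattern, re.IGNORECASE if ignore_case else 0)

def ngrep_like(packets, regex=None, bpf=None):
    """Return packets that pass the filter and whose payload matches."""
    hits = []
    for p in packets:
        if bpf is not None and not bpf(p):
            continue  # dropped by the filter before the payload is examined
        if regex is not None and not regex.search(p.payload):
            continue
        hits.append(p)
    return hits

if __name__ == "__main__":
    creds = payload_regex(rb"user|pass", ignore_case=True, word=True)
    for p in ngrep_like(SAMPLE, creds, port(21)):
        print(p.sport, "->", p.dport, p.payload)
```

Without `word=True` the same filter also returns the "Password required" reply and the `/home/username` path, which is the noise `-w` removes.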
You can download it from here