Using ngrep to capture SIP packets
ngrep is a great little utility that allows you to capture and analyze packets.
Realtime network grep tool
ngrep is a grep command that works on real-time network data.
ngrep strives to provide most of GNU grep's common features, applying
them to the network layer. ngrep is a pcap-aware tool that will allow
you to specify extended regular or hexadecimal expressions to match
against data payloads of packets. It currently recognizes TCP, UDP
and ICMP across Ethernet, PPP, SLIP, FDDI, Token Ring and null
interfaces, and understands bpf filter logic in the same fashion as
more common packet sniffing tools, such as tcpdump and snoop.
ngrep can be installed on FC4 using yum (it is part of the Fedora Extras repository):
yum install ngrep
On FC3 you can either enable the Fedora Extras repository or download the package manually:
Installing the GPG key:
rpm --import http://dag.wieers.com/packages/RPM-GPG-KEY.dag.txt
Installing the package:
rpm --install ngrep-1.44-1.1.fc3.rf.i386.rpm
Documentation:
man ngrep
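Once ngrep is installed, a SIP capture combines the two things the description above mentions: a regular expression matched against the payload and a bpf filter. The following is an added example, not part of the original page; the function names are hypothetical, and it assumes SIP signalling on the default port 5060 and an interface name you supply.

```shell
#!/bin/sh
# Added example (not from the original page): helpers that build and run an
# ngrep capture for SIP signalling. Function names are hypothetical.
# Assumption: SIP uses the default port 5060 unless another port is given.

# sip_bpf [PORT] -> bpf filter limiting the capture to the SIP port.
# The port is validated so untrusted input cannot alter the filter.
sip_bpf() {
    port=${1:-5060}
    case $port in
        ''|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
    esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || {
        echo "port out of range: $port" >&2; return 1; }
    printf 'udp port %s or tcp port %s' "$port" "$port"
}

# sip_regex [METHOD] -> extended regex matching a SIP request start line.
# Only a fixed set of methods is accepted; ANY matches all of them.
sip_regex() {
    case ${1:-ANY} in
        ANY) printf '%s' '^(INVITE|REGISTER|ACK|BYE|CANCEL|OPTIONS) sips?:' ;;
        INVITE|REGISTER|ACK|BYE|CANCEL|OPTIONS) printf '^%s sips?:' "$1" ;;
        *) echo "unknown SIP method: $1" >&2; return 1 ;;
    esac
}

# capture_sip IFACE [METHOD] [PORT] -> run ngrep (normally needs root).
#   -q            quiet: print only matching packets
#   -t            print a timestamp for each match
#   -W byline     honour line breaks so SIP headers print one per line
#   -d IFACE      interface to listen on
capture_sip() {
    iface=$1 method=${2:-ANY} port=${3:-5060}
    [ -n "$iface" ] || { echo "usage: capture_sip IFACE [METHOD] [PORT]" >&2; return 1; }
    re=$(sip_regex "$method") || return 1
    bpf=$(sip_bpf "$port") || return 1
    ngrep -q -t -W byline -d "$iface" "$re" "$bpf"
}

# Example use, after sourcing this file (eth0 is a placeholder):
#   capture_sip eth0 INVITE
```

The regex matches request start lines only; SIP responses begin with SIP/2.0 and need a different expression.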