Ngrep – quick start guide

Ngrep is similar to tcpdump, with the added ability to match a regular expression against packet payloads and print the matching packets to the screen. This can be very useful for debugging and troubleshooting in production and development environments. Here are some handy commands for using ngrep on Linux or Mac:

Using ngrep to print HTTP request headers

Run ngrep in quiet mode (-q), ignoring case (-i), with timestamps (-t) and line-by-line output (-W byline), on interface ppp0 (-d):

$ ngrep -d ppp0 -q -i -t -W byline '^(GET|POST) '

Using ngrep to print HTTP response headers

$ ngrep -d ppp0 -q -i -t -W byline '^HTTP/' port 80
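
The header captures above print Authorization and Cookie values in clear text. As an added example (not from the original article), this filter masks them before the output lands in a terminal log or a ticket; the header list and the sample capture are constructed assumptions.

```shell
#!/bin/sh
# Added example: mask credential-bearing headers in `ngrep -W byline` output.
# The header list below is an assumption; extend it for your applications.

redact_headers() {
    awk '
    BEGIN {
        n = split("authorization proxy-authorization cookie set-cookie x-api-key", h, " ")
        for (i = 1; i <= n; i++) sensitive[h[i]] = 1
    }
    {
        colon = index($0, ":")
        name = tolower(substr($0, 1, colon - 1))
        if (colon > 1 && (name in sensitive)) {
            value = substr($0, colon + 1)
            sub(/^ +/, "", value)
            # Keep the auth scheme (Basic, Bearer, ...) but drop the credential.
            scheme = ""
            if (name ~ /authorization$/ && value ~ /^[A-Za-z]+ /)
                scheme = substr(value, 1, index(value, " "))
            print substr($0, 1, colon) " " scheme "[REDACTED]"
        } else {
            print
        }
    }'
}

# Constructed sample of ngrep byline output (ngrep prints "\r" as ".").
sample_capture() {
    cat <<'EOF'
T 2024/01/01 12:00:00.000000 192.0.2.10:51514 -> 192.0.2.20:80 [AP]
GET /account HTTP/1.1.
Host: app.example.
Authorization: Bearer constructed-token-123.
Cookie: session=constructed-session-id.
.
EOF
}

# Offline demo; on a live capture, add -l so ngrep line-buffers into the pipe:
#   ngrep -l -d ppp0 -q -i -t -W byline '^(GET|POST) ' | redact_headers
sample_capture | redact_headers
```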

Using ngrep to print outgoing Solr HTTP requests

Assuming Solr is running on port 8080:

$ ngrep -d ppp0 -q -i -t -W byline '' 'dst port 8080'

Using ngrep to print MySQL SELECT queries

$ ngrep -d ppp0 -q -i -W byline  'SELECT' port 3306

Using ngrep to print destination memcache traffic on localhost

If memcache is running on localhost, we need to use the loopback network interface. This is the output when you hit memcache.php:

$ ngrep -d lo0 -q -i -W byline '' dst port 11211
T ::1:49630 -> ::1:11211 [AP]
stats.
....