This is one of my favorites.
Ngrep
For serious network packet analysis there's Wireshark, with its thousands of settings, filters and configuration options. There's also a command line version, tshark. For simple tasks I find Wireshark can be overkill, so unless I need something more powerful, ngrep is my tool of choice. It lets you do with network packets what grep does with files.
For web traffic you almost always want the -W byline option, which preserves line breaks, and -q is a useful argument which suppresses some additional output about non-matching packets. Here's an example that captures all packets that contain GET or POST:
ngrep -q -W byline "^(GET|POST) .*"
You can also pass in additional packet filter options, such as limiting the matched packets to a certain host, IP or port. Here we capture all traffic going to or coming from google.com on port 80 that contains the term "search":
ngrep -q -W byline "search" host www.google.com and port 80
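As an added example that is not part of the original post, here is a small Python mock-up of what those ngrep invocations do: a regex run over the raw TCP payload of each packet, narrowed by a host/port filter, with non-matches suppressed (-q) and line breaks kept (-W byline). It runs offline over constructed frames; build_frame, parse_frame, ngrep_like and the sample addresses are assumptions of this example, and the host filter takes an IP rather than a resolved hostname.

```python
import re
import socket
import struct

def build_frame(src_ip, dst_ip, sport, dport, payload):
    """Constructed Ethernet/IPv4/TCP frame for the demo (checksums left zero)."""
    eth = b"\x00" * 12 + b"\x08\x00"                       # IPv4 ethertype
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    return eth + ip + tcp + payload

def parse_frame(frame):
    """Return (src_ip, dst_ip, sport, dport, payload) for an IPv4/TCP frame, else None."""
    if frame[12:14] != b"\x08\x00" or frame[23] != 6:      # not IPv4, or not TCP
        return None
    tcp = 14 + (frame[14] & 0x0F) * 4                      # 14-byte Ethernet + IHL
    src_ip, dst_ip = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
    sport, dport = struct.unpack("!HH", frame[tcp:tcp + 4])
    doff = (frame[tcp + 12] >> 4) * 4                      # TCP header length
    return src_ip, dst_ip, sport, dport, frame[tcp + doff:]

def ngrep_like(frames, pattern, host=None, port=None):
    """Mimic `ngrep -q -W byline PATTERN host H and port P` over a list of frames.
    The regex runs over the raw TCP payload (^ anchors at payload start), host/port
    match either direction, and only hits come back (-q). `host` is an IP (assumption)."""
    regex = re.compile(pattern)
    hits = []
    for frame in frames:
        parsed = parse_frame(frame)
        if parsed is None:
            continue
        src_ip, dst_ip, sport, dport, payload = parsed
        if host is not None and host not in (src_ip, dst_ip):
            continue
        if port is not None and port not in (sport, dport):
            continue
        text = payload.decode("latin-1")                   # byte-preserving, like ngrep
        if regex.search(text):
            hits.append((f"{src_ip}:{sport} -> {dst_ip}:{dport}", text))
    return hits

# Constructed sample traffic: a cleartext HTTP request/response pair and one TLS record.
FRAMES = [
    build_frame("10.0.0.5", "192.0.2.10", 51234, 80,
                b"GET /search?q=ngrep HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    build_frame("192.0.2.10", "10.0.0.5", 80, 51234,
                b"HTTP/1.1 200 OK\r\n\r\n<title>search results</title>"),
    build_frame("10.0.0.5", "192.0.2.20", 51235, 443, b"\x16\x03\x01\x00\x05hello"),
]
```

Calling ngrep_like(FRAMES, r"^(GET|POST) .*") returns only the request, while ngrep_like(FRAMES, "search", host="192.0.2.10", port=80) returns both the request and the response, each with its line breaks intact.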