ngrep

This week, I’ve spent some time analysing traffic on our network to try to get to the bottom of some slightly odd behaviour we’ve been seeing. Ordinarily I’d use tcpdump and/or wireshark. They’re great for capturing traffic and filtering by, for example, the IP address concerned or the network protocol being used, but sometimes that’s not enough: if you want to filter on the contents of a packet, you need a different tool. And so, a little bit of searching led me to ngrep, which is exactly what the name sounds like: grep for networks. I can now filter out all traffic on our network that is requesting one particular website address by matching on the HTTP request being sent. Now I can quickly and easily get at the network traffic I’m interested in!

This entry was posted in Linux, Network, Software.