July 2004
The Open Road: Network Troubleshooting Tools — Part 2
Last month, I started discussing network troubleshooting tools. This month, I'll discuss sniff and ngrep.
Using ngrep
Let's start off with ngrep. I won't go into details about getting ngrep because there should be ready-made packages for most *nix systems easily available if not installed by default.
As the name suggests, ngrep stands for "network grep." Like grep, ngrep searches for a string or regular expression, but it does so against the payload of packets captured off the network rather than against a file. This is useful in a number of situations: troubleshooting a protocol problem, watching how two programs talk to each other over the wire, or just being nosy. It's also a good idea to play around with ngrep a bit to see what kind of information anyone else on the same network segment can glean by sniffing packets coming from your system; anything your applications send in cleartext is readable by them just as easily as it is by you.
The simplest use of ngrep is ngrep string, where "string" is a search term that you want to match. Like any packet sniffer, ngrep needs to open a capture interface through libpcap, so you'll normally have to run it as root, and by default it listens on your first non-loopback interface. In its default output mode, ngrep prints the matching packet's payload with every non-printable byte replaced by a dot, which is why the CR/LF pairs that end HTTP header lines show up as ".." below. For example, if I were to use ngrep GNU, then I might match a packet like this:
T 208.42.233.150:80 -> 24.9.11.140:35032 [AP]
HTTP/1.1 200 OK..Date: Fri, 23 Jul 2004 12:44:06 GMT..Server: Apache/1.3.29
(Debian GNU/Linux) PHP/4.3.4 mod_perl/1.29..Last-Modified: Fri, 21 May 200
4 20:21:02 GMT..ETag: "cc06f-180-40ae64ae"..Accept-Ranges: bytes..Content-L
ength: 384..Keep-Alive: timeout=15, max=100..Connection: Keep-Alive..Conten
t-Type: text/css....<style type="text/css"><!--.a:active {..text-decoration
: none;..color: blue;.}.a:link {..text-decoration: none;..