Recently I came across a couple of blog posts/talks about ngrep and thought I would give it a try.

ngrep is a tool for grepping network traffic: it selects packets with a BPF filter (the same filter syntax tcpdump uses) and then searches each packet's payload with a regular expression (PCRE or GNU regex, depending on how it was built). Like tcpdump, it needs root or CAP_NET_RAW to capture live traffic, and it only prints packets that actually carry a payload unless you pass -e.

Listen on any interface, check src and dst ports

  • ngrep -d any port 29413 - listens on Linux's any pseudo-interface (every interface at once) and prints every packet with a payload on port 29413. A bare port in a BPF filter matches either the source or the destination port; use src port 29413 or dst port 29413 to see only one direction. No match expression is given here, so nothing is filtered on content.

  • ngrep -d any "health" port 80 -W byline - listens on port 80 (src or dst) and prints only the packets whose payload matches the regex "health". The match runs over the payload bytes, not over addresses or headers, and is case-sensitive unless you add -i. Without -q ngrep also prints a "#" for every packet that passed the port filter but did not match, which gets noisy on a busy port.

    • -W byline - tells ngrep to honour embedded line feeds when it prints the payload, so a text protocol like HTTP comes out one header per line. The default (-W normal) turns every non-printable byte, CR and LF included, into a dot and wraps the result at the terminal width, so the headers run together and are much harder to read.
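To make those three behaviours concrete (a bare port matching either end of the connection, the regex running over the payload only, and -W byline versus the default rendering), here is a small Python model of ngrep's filter-then-match pipeline. It is an added example written for this page, not ngrep's own code: the packets are constructed by hand rather than captured, bpf_port and bpf_dst_port stand in for the BPF filter, and render approximates the normal and byline dump formats (ngrep's exact terminal output, line wrapping in particular, may differ).

```python
import re
from dataclasses import dataclass
from typing import Callable, List, Tuple


@dataclass(frozen=True)
class Packet:
    """Only the fields the filter and matcher look at (assumed shape)."""
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    payload: bytes


# Constructed sample traffic, not a real capture: an HTTP health check,
# its reply, an unrelated request, a payload-less ACK and a UDP datagram.
SAMPLE: List[Packet] = [
    Packet("tcp", "10.0.0.5", 51234, "10.0.0.9", 80,
           b"GET /health HTTP/1.1\r\nHost: app.internal\r\n\r\n"),
    Packet("tcp", "10.0.0.9", 80, "10.0.0.5", 51234,
           b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\nok"),
    Packet("tcp", "10.0.0.5", 51235, "10.0.0.9", 80,
           b"GET /login HTTP/1.1\r\nHost: app.internal\r\n\r\n"),
    Packet("tcp", "10.0.0.5", 51236, "10.0.0.9", 80, b""),
    Packet("udp", "10.0.0.5", 40000, "10.0.0.9", 29413, b"health?\x01\x02"),
]

Filter = Callable[[Packet], bool]


def bpf_port(port: int) -> Filter:
    """BPF `port N`: no src/dst qualifier, so either end of the packet may match."""
    return lambda p: p.sport == port or p.dport == port


def bpf_dst_port(port: int) -> Filter:
    """BPF `dst port N`: only the destination end is checked."""
    return lambda p: p.dport == port


def render(payload: bytes, mode: str = "normal") -> str:
    """Approximation of ngrep's -W normal and -W byline dump formats.

    normal: every non-printable byte, CR and LF included, becomes '.', so the
            payload runs together.
    byline: LF is kept as a real line break; other non-printables become '.'.
    """
    out = []
    for b in payload:
        if 0x20 <= b < 0x7F:
            out.append(chr(b))
        elif mode == "byline" and b == 0x0A:
            out.append("\n")
        else:
            out.append(".")
    return "".join(out)


def ngrep(packets, pattern, bpf, mode="normal", ignore_case=False) -> List[Tuple[str, str]]:
    """Filter-then-match, the way ngrep processes a stream.

    1. the BPF filter selects packets by header fields;
    2. packets without a payload are dropped (ngrep only shows them with -e);
    3. the regex (-i for ignore_case) is run over the payload bytes only,
       never over addresses or ports;
    4. surviving packets are returned as (header line, rendered payload).
    """
    rx = re.compile(pattern.encode(), re.IGNORECASE if ignore_case else 0)
    hits = []
    for p in packets:
        if not bpf(p) or not p.payload or rx.search(p.payload) is None:
            continue
        header = f"{p.proto.upper()} {p.src}:{p.sport} -> {p.dst}:{p.dport}"
        hits.append((header, render(p.payload, mode)))
    return hits


if __name__ == "__main__":
    # Model of: ngrep -d any "health" port 80 -W byline
    for header, body in ngrep(SAMPLE, "health", bpf_port(80), mode="byline"):
        print(header)
        print(body)
```

Running it prints only the health-check request, one header per line; switching to bpf_dst_port(80) with an empty pattern shows why "port 80" on its own is the right filter when you want both directions of the conversation, and searching for a port number as the pattern returns nothing, because the regex never sees the headers.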

Will explore more and update.