Permalink
Browse files

Update, simplify, and markdown-ify docs

  • Loading branch information...
jpr5 committed Sep 7, 2017
1 parent 35527b4 commit 3cb4c580a9de4afe11c2c17b0f354b59b74ae974
@@ -1,14 +1,29 @@
v1.47
o Updates to fix building under MS VS2012 / Win32
o Updates to use 32bit values where relevant
o Fix "no VLAN support for XXX"-related problems
o Fix to reduce searchable space when VLAN header present
o Fix truncated/garbled output (e.g. SIP over SLL/Linux cooked sockets)
o Import debian patches related to autotools, manpage, and compilation
on other platforms
o Change exit behavior to match BSD & GNU grep (see manpage)
o Update to latest autotools
o Add Solaris IPnet support
o Update to use 32bit values where relevant
o Emit frame # in header, useful for reference/analysis
o Emit total received, matched upon exit (dropped unreliable PCAP stats)
o Import debian patches related to autotools, manpage, and compilation
on other platforms
o Fix build clean/distclean when not linked against provided GNU regex
o Fix build --enable/--disable flag processing
o Fix building under MS VS2012 / Win32
o Update to latest autotools (2017)
v1.46.1
@@ -291,6 +306,3 @@ v1.28
o no required arguments anymore
o regex's are not required anymore, can just be bpf logic
o probably a bugfix or two
File renamed without changes.
View

Large diffs are not rendered by default.

Oops, something went wrong.
@@ -1,7 +1,8 @@
=================================================================
NOTE: These instructions are from the 2006 release of ngrep 1.45.
They are outdated but will still give you the gist.
They are sparse but will still give you the gist. Otherwise
try ngrep from your favorite package manager!
=================================================================
ngrep Installation Guide
@@ -22,10 +23,10 @@ On Windows, the client support library is called ``WinPcap Developer's
Pack'' and should be unpacked inside the parent directory of the ngrep
source tree.
The latest versions (as of this writing) are located at:
The latest versions can be found at:
UNIX: http://tcpdump.org/release/libpcap-0.9.5.tar.gz
Win32: http://www.winpcap.org/install/bin/wpdpack_3_1.zip
UNIX: http://tcpdump.org/release/
Win32: http://www.winpcap.org/
2. Unpack the ngrep source
@@ -61,14 +62,11 @@ ngrep is a PCAP-based program and therefore requires the PCAP kernel
driver to be installed before it will function properly.
The PCAP Driver is already integrated into the vast majority of UNIX
and Linux kernels released within the last ~10 years.
and Linux kernels released within the last ~20 years.
The Windows Platform, however, does not come with an integrated PCAP
kernel driver by default, so it is necessary to install one before
ngrep will work. The latest version (as of this writing) is located
at:
http://www.winpcap.org/install/bin/WinPcap_3_1.exe
ngrep will work.
Getting Help
@@ -78,8 +76,8 @@ On UNIX, if you still have problems compiling or are compiling on an
unsupported OS, try playing with other build types -- i.e. if you have
a BSD derived system, try the BSD build type.
Please email me for help if you if you still have problems, however
please try to help yourself first and search Google for possible
answers before contacting me.
If you still have problems, please submit an issue on GitHub or feel
free to email me, however please try to help yourself first and search
Google for possible answers before reaching out.
Jordan Ritter <jpr5@darkridge.com>
View
File renamed without changes.
View
@@ -0,0 +1,83 @@
## ngrep 1.47 (9.7.2017)
ngrep is like GNU grep applied to the network layer. It's is a PCAP-based tool
that allows you to specify an extended regular or hexadecimal expression to
match against data payloads of packets. It understands many kinds of protocols,
including IPv4/6, TCP, UDP, ICMPv4/6, IGMP and Raw, across a wide variety of
interface types, and understands BPF filter logic in the same fashion as more
common packet sniffing tools, such as tcpdump and snoop.
## What's New
* Fix "no VLAN support for XXX"-related problems
* Fix truncated/garbled output (e.g. SIP over SLL/Linux cooked sockets)
* Change exit behavior to match BSD & GNU grep (see manpage)
* Add Solaris IPnet support
* Update to use 32bit values where relevant
* Emit frame # in header, useful for reference/analysis
* Emit total received, matched upon exit (dropped unreliable PCAP stats)
* Import debian patches related to autotools, manpage, and compilation
* on other platforms
* Fix build clean/distclean when not linked against provided GNU regex
* Fix build --enable/--disable flag processing
* Fix building under MS VS2012 / Win32
* Update to latest autotools (2017)
## How to use
ngrep was originally developed to:
* debug plaintext protocol interactions such as HTTP, IMAP, DNS, SIP, etc.
* identify and analyze anomalous network communications such as those between
malware, zombies and viruses
* store, read and reprocess pcap dump files while looking for specific data
patterns
As well, it could be used to do plaintext credential collection, as with HTTP
Basic Authentication, FTP or POP3 authentication. Like all useful tools, it can
be used for good and for bad.
Visit [EXAMPLES](EXAMPLES.md) to learn more about how ngrep works and can be
leveraged to see all sorts of neat things.
## Support, Feedback, & Patches
If you need help, have constructive feedback, or would like to submit a patch,
please visit ngrep's project at GitHub and use the online tools there. It will
help the author better manage the various requests and patches so that nothing
is lost or missed (as has been the case in the past, unfortunately).
* Issues: https://github.com/jpr5/ngrep/issues
* Patches: https://github.com/jpr5/ngrep/pulls
## Confirmed Working Platforms
* Linux 2.0+ (RH6+, SuSE, TurboLinux, Debian, Gentoo, Ubuntu, Mandrake, Slackware)/x86, RedHat/alpha Cobalt, (Qube2) Linux/MIPS
* Solaris 2.5.1, 2.6/SPARC, Solaris 7, Solaris 8/SPARC, Solaris 9/SPARC
* FreeBSD 2.2.5, 3.1, 3.2, 3.4-RC, 3.4-RELEASE, 4.0, 5.0
* OpenBSD 2.4 (after upgrading pcap from 0.2), 2.9, 3.0, 3.1+
* NetBSD 1.5/SPARC
* Digital Unix V4.0D (OSF/1), Tru64 5.0, Tru64 5.1A
* HPUX 11
* IRIX
* AIX 4.3.3.0/PowerPC
* BeOS R5
* Mac OS X 10+
* GNU HURD
* Windows 95, 98, NT, 2000, XP, 2003/x86, 7, 8, 8.1, 10
## Miscellany
Please see [CREDITS](CREDITS) for a partial list of the many people who helped make ngrep
what it is today. Also, please note that ngrep is released under a simple
BSD-style license, though depending on which regex library you compile
against, you'll either get the GPL (GNU regex) or Artistic (PCRE).
* Unix libpcap: http://www.tcpdump.org/release/
* Windows libpcap: http://www.winpcap.org/install/
* PCRE: http://www.pcre.org/
View

This file was deleted.

Oops, something went wrong.

0 comments on commit 3cb4c58

Please sign in to comment.