ngrep (network grep) is a network packet analyzer written by Jordan Ritter. It has a command-line interface, and relies upon the pcap library and the GNU regex library.
ngrep supports Berkeley Packet Filter (BPF) logic to select network sources, destinations, or protocols, and also allows matching patterns or regular expressions against the data payload of packets using GNU grep syntax, showing the packet data in a human-friendly way.
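As an added illustration (not the page's own code, and not ngrep's source), the following Python script emulates ngrep's two-stage selection on a few constructed frames: a BPF-style port filter first, then a regular expression over the TCP payload. The frame builder, the sample packets and the `ngrep_like` helper are all constructed here; a real ngrep run would obtain frames from libpcap instead.

```python
import re
import struct

def build_frame(src_port, dst_port, payload):
    """Constructed Ethernet/IPv4/TCP frame; checksums are left at zero."""
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0,
                         64, 6, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    tcp_hdr = struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0, 5 << 4,
                          0x18, 65535, 0, 0)
    return b"\x00" * 12 + b"\x08\x00" + ip_hdr + tcp_hdr + payload

def tcp_payload(frame):
    """Return (src_port, dst_port, payload) for an IPv4/TCP frame, else None."""
    if frame[12:14] != b"\x08\x00" or frame[23] != 6:   # EtherType IPv4, IP protocol TCP
        return None
    ihl = (frame[14] & 0x0F) * 4                        # IP header length in bytes
    total_len = struct.unpack("!H", frame[16:18])[0]   # IP total length (drops Ethernet padding)
    tcp = frame[14 + ihl:14 + total_len]
    src, dst = struct.unpack("!HH", tcp[:4])
    data_off = (tcp[12] >> 4) * 4                       # TCP header length in bytes
    return src, dst, tcp[data_off:]

def ngrep_like(frames, port, pattern):
    """Emulate `ngrep 'pattern' 'port N'`: BPF-style port filter, then regex on the payload."""
    rx = re.compile(pattern.encode())
    hits = []
    for frame in frames:
        parsed = tcp_payload(frame)
        if parsed and port in parsed[:2] and rx.search(parsed[2]):
            hits.append(parsed)
    return hits

# Constructed sample traffic: a cleartext HTTP request, a TLS-looking record on 443,
# and an HTTP response on port 80 that does not match the request-line pattern.
SAMPLE_FRAMES = [
    build_frame(51000, 80, b"GET /login HTTP/1.1\r\nHost: intranet.example\r\n\r\n"),
    build_frame(51001, 443, b"\x16\x03\x01\x00\xa5\x01\x00\x00\xa1\x03\x03"),
    build_frame(80, 51000, b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n"),
]

def cleartext_http_requests(frames=SAMPLE_FRAMES):
    """Defender use: inventory request lines that crossed the wire unencrypted on port 80."""
    return [p.split(b"\r\n")[0].decode() for _, _, p in ngrep_like(frames, 80, r"^(GET|POST) /")]

if __name__ == "__main__":
    for line in cleartext_http_requests():
        print(line)
```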
ngrep is an open source application, and the source code is available to download from the ngrep site on SourceForge. It can be compiled and ported to multiple platforms; it works on many UNIX-like operating systems (Linux, Solaris, BSD, AIX) and also on Microsoft Windows.
Capturing raw network traffic from an interface requires special or superuser privileges on some platforms, especially Unix-like systems. On those platforms ngrep's default behavior is to drop privileges and run as a specific unprivileged user. Like tcpdump, ngrep can also be used for the specific purpose of intercepting and displaying the communications of another user or computer, or of an entire network. A privileged user running ngrep on a server or workstation connected to a device configured with port mirroring on a switch, router, or gateway, or to any other device used for network traffic capture on a LAN, MAN, or WAN, can watch all unencrypted information on that network, including login IDs, passwords, URLs, and the content of websites being viewed.