Grepping packets with Ngrep…

June 19, 2010 at 7:42 pm (Linux, Network, Sniffing, Unix)

Hey,

I was playing with a neat little tool the other day called ngrep, or Network Grep. It basically takes the functionality of the GNU grep utility and puts it to use on network layer packets 🙂 The following paragraph from the man page helps sum it up better:

ngrep strives to provide most of GNU grep's common features, applying them to the network layer. ngrep is a pcap-aware tool that will allow you to specify extended regular expressions to match against data payloads of packets. It currently recognizes TCP, UDP and ICMP across Ethernet, PPP, SLIP, FDDI and null interfaces, and understands bpf filter logic in the same fashion as more common packet sniffing tools, such as tcpdump(8) and snoop(1).

Let’s take a quick look at one of the uses for ngrep that may seem attractive:

[zoidberg@/dev/null:~ ] $ sudo ngrep -d wlan0 -i 'USER|PASS' tcp port 21
interface: wlan0 (192.168.1.0/255.255.255.0)
filter: (ip or ip6) and ( tcp port 21 )
match: USER|PASS
############
T 192.168.1.68:39404 -> 130.89.149.226:21 [AP]
USER ftp..
##
T 130.89.149.226:21 -> 192.168.1.68:39404 [AP]
331 Please specify the password...
##
T 192.168.1.68:39404 -> 130.89.149.226:21 [AP]
PASS this.is.my@password.com..
############

Pretty neat huh? Another cool option worth looking into is -K (kill matching TCP connections); however, I will leave it up to your imagination to take it further… 🙂 If you find a neat use for this tool then please leave a comment. Anyway, until the next time, see ya!


Using uuencode and uudecode…

June 18, 2010 at 12:25 pm (Encryption, Linux, Unix)

Hey,

I was playing around with uuencode and uudecode today in work. Figured I would put up a quick post that demonstrates how to encode a text file using these utilities. It may come in handy one day 😉 So here goes:

[Fri Jun 18 13:21:01]
[zoidberg@/dev/null:~/uuencode ] $ echo "This is a secret sentence" > secret.txt

[Fri Jun 18 13:21:14]
[zoidberg@/dev/null:~/uuencode ] $ uuencode secret.txt final.txt > encoded.txt

[Fri Jun 18 13:21:28]
[zoidberg@/dev/null:~/uuencode ] $ ls -l
total 8
-rw-r--r-- 1 zoidberg zoidberg 64 2010-06-18 13:21 encoded.txt
-rw-r--r-- 1 zoidberg zoidberg 26 2010-06-18 13:21 secret.txt

[Fri Jun 18 13:21:30]
[zoidberg@/dev/null:~/uuencode ] $ rm secret.txt

[Fri Jun 18 13:21:32]
[zoidberg@/dev/null:~/uuencode ] $ ls -l
total 4
-rw-r--r-- 1 zoidberg zoidberg 64 2010-06-18 13:21 encoded.txt

[Fri Jun 18 13:21:33]
[zoidberg@/dev/null:~/uuencode ] $ cat encoded.txt
begin 644 final.txt
:5&AI<R!I<R!A('-E8W)E="!S96YT96YC90H`
`
end

[Fri Jun 18 13:21:35]
[zoidberg@/dev/null:~/uuencode ] $ uudecode encoded.txt

[Fri Jun 18 13:21:55]
[zoidberg@/dev/null:~/uuencode ] $ ls -l
total 8
-rw-r--r-- 1 zoidberg zoidberg 64 2010-06-18 13:21 encoded.txt
-rw-r--r-- 1 zoidberg zoidberg 26 2010-06-18 13:21 final.txt

[Fri Jun 18 13:21:56]
[zoidberg@/dev/null:~/uuencode ] $ cat final.txt
This is a secret sentence

[Fri Jun 18 13:21:59]
[zoidberg@/dev/null:~/uuencode ] $

This is not very secure, since anyone can reverse it with uudecode and no key is involved, but it does come in handy, especially when dealing with mail servers all day every day 🙂
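As an added example (not part of the original post), this Python code decodes the encoded.txt shown above by hand, which shows that uuencoding is a fixed 6-bit encoding with no key. The function names uu_decode_line and uu_decode are chosen here for illustration.

```python
# Added example: a minimal uudecode written from the format itself.
# SAMPLE is the encoded.txt content copied from the terminal session above.
SAMPLE = r"""begin 644 final.txt
:5&AI<R!I<R!A('-E8W)E="!S96YT96YC90H`
`
end
"""


def uu_decode_line(line: str) -> bytes:
    """Decode one body line: a length character followed by 4-char groups."""
    if not line:
        return b""
    # Every character carries 6 bits: (ASCII value - 32) & 0x3F.
    # The first character is the number of decoded bytes on this line.
    n = (ord(line[0]) - 32) & 0x3F
    body = line[1:]
    # Some tools strip trailing padding; restore it with "`" (value 0).
    body += "`" * (-len(body) % 4)
    out = bytearray()
    for i in range(0, len(body), 4):
        a, b, c, d = ((ord(ch) - 32) & 0x3F for ch in body[i:i + 4])
        # Four 6-bit values become three 8-bit bytes.
        out += bytes(((a << 2) | (b >> 4),
                      ((b & 0x0F) << 4) | (c >> 2),
                      ((c & 0x03) << 6) | d))
    return bytes(out[:n])


def uu_decode(text: str):
    """Return (mode, filename, data) from a complete uuencoded file."""
    lines = text.splitlines()
    start = next(i for i, l in enumerate(lines) if l.startswith("begin "))
    _, mode, name = lines[start].split(" ", 2)
    data = bytearray()
    for line in lines[start + 1:]:
        if line == "end":
            return int(mode, 8), name, bytes(data)
        data += uu_decode_line(line)
    raise ValueError("missing 'end' trailer")


if __name__ == "__main__":
    mode, name, data = uu_decode(SAMPLE)
    print(oct(mode), name, data)
```
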
