jpr5 / ngrep

ngrep is like GNU grep applied to the network layer. It's a PCAP-based tool that allows you to specify an extended regular or hexadecimal expression to match against data payloads of packets. It understands many kinds of protocols, including IPv4/6, TCP, UDP, ICMPv4/6, IGMP and Raw, across a wide variety of interface types, and understands BPF filter logic in the same fashion as more common packet sniffing tools, such as tcpdump and snoop.
https://github.com/jpr5/ngrep

Add pcapng support #7

Open vdun opened 8 years ago

jpr5 commented 7 years ago

Can you please elaborate?

q2dg commented 5 years ago

pcapng is the default format from Wireshark/Tshark.

jpr5 commented 5 years ago

I guess the question is, what is the actual problem you are experiencing? What version of ngrep are you using? What version of the PCAP libraries was it linked against? Etc.