ngrep

ngrep is a tool to grep network traffic.

Install ngrep on CentOS using yum. It is part of the EPEL repo, so please refer to EPEL repo setup.

yum -y install ngrep

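Look at the traffic hitting port 8080 (a common port for Java servlet containers such as Tomcat or Resin). The -W byline option prints payloads with their line breaks intact, which keeps HTTP headers readable. Note the uppercase W: lowercase -w takes no argument and turns on whole-word matching, so "byline" would be treated as the search pattern.

ngrep -q -d eth0 -W byline port 8080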

Look at ICMP traffic (ping, traceroute, mtr, etc.).

ngrep -q -d eth0 '.' 'icmp'

There are a lot of good regex examples for ngrep here.
