How to Use NGrep (BSWJ)


Network Grep (NGREP) is a useful network analysis tool which performs operations based upon the Grep engine, allowing for the use of regular expressions and text pattern matching.

14 minutes
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *

Already have an account? Sign In »

Course Content
Module 1: BSWJ: NGrep
Course Description

Teaching Assistants George Mcpherson Vikramajeet Khatri

(Disclaimer: Breaking Stuff with Joe is a Cybrary series that will be running indefinitely. You will not earn CEU/CPE hours by watching any individual 'Breaking Stuff with Joe' episode. However, you can still earn a certificate of completion for each episode completed.)

Using Network Grep

Network Grep, also called NGrep, is a powerful network tool that performs as a “sniffer.” NGrep provides the capability of grepping the network packet’s payload for text pattern matching. This tool’s operations are based on the Grep engine, which allows for the use of regular expressions. It has a command line interface and uses the packet capture (pcap) library, as well as the GNU regex library.

NGrep is a useful tool that is good to always have on hand for fast pcap analysis. It’s a tool that offers advanced features and also allows for packet dumping.

Why Use Network Grep?

To put it simply, NGrep is a utility that allows you to use Grep capabilities at the network level. Here are some of the functions and features that you get with NGrep:

  • It can be used to examine pcap files and also capture live traffic on a local interface.
  • Both regular and hex expressions can be input by analysts to be compared and matched against packets.
  • It’s also possible for NGrep to be used for the specific goal of intercepting and showing the communications of another computer, user, or network.
  • It can be used to capture traffic on the wire and store pcap dump files, as well as to read files generated by other sniffer applications.
  • It supports Berkeley Packet Filter (BPF) logic to select protocols, network sources, or destinations.
  • It’s an open source application. You can access the source code at the NGrep website.
  • It supports many different platforms including Linux, BSD, OS X, Solaris, illumos, Windows, and AIX.
  • It also supports many different protocols including IPv4 and IPv6, TCP, UDP, ICMPv4 and ICMPv6, IGMP, Ethernet, PPP, SLIP, FDDI, and Token Ring.

NGrep is truly a practical tool for troubleshooting networks. It’s absolutely worth adding to your network toolbox.

For more information about the NGrep tool, and to learn to use it, check out our How to Use NGrep tutorial. The class provides you with all the information you need to begin using the NGrep tool.

Instructed By
Joe Perry
Joe Perry
Senior Technical Instructor at FireEye, Inc
Certificate of Completion
Certificate Of Completion

Complete this entire course to earn a How to Use NGrep (BSWJ) Certificate of Completion