Home/ Questions/Q 67749
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-10T19:18:31+00:00

I just learned about ngrep , a cool program that lets you easily sniff

  • 0

I just learned about ngrep, a cool program that lets you easily sniff packets that match a particular string.

The only problem is that it can be hard to see the match in the big blob of output. I’d like to write a wrapper script to highlight these matches — it could use ANSI escape sequences:

echo -e 'This is \e[31mRED\e[0m.'

I’m most familiar with Perl, but I’m perfectly happy with a solution in Python or any other language. The simplest approach would be something like:

while (<STDIN>) {    s/$keyword/\e[31m$keyword\e[0m/g;    print; }

However, this isn’t a nice solution, because ngrep prints out hash marks without newlines whenever it receives a non-matching packet, and the code above will suppress the printing of these hashmarks until the script sees a newline.

Is there any way to do the highlighting without inhibiting the instant appearance of the hashmarks?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Ah, forget it. This is too much of a pain. It was a lot easier to get the source to ngrep and make it print the hash marks to stderr:

    --- ngrep.c     2006-11-28 05:38:43.000000000 -0800 +++ ngrep.c.new 2008-10-17 16:28:29.000000000 -0700 @@ -687,8 +687,7 @@      }       if (quiet < 1) { -        printf('#'); -        fflush(stdout); +      fprintf (stderr, '#');      }       switch (ip_proto) {

    Then, filtering is a piece of cake:

    while (<CMD>) {   s/($keyword)/\e[93m$1\e[0m/g;   print; }
    • 0