Releases: georgeglarson/netgrep
v0.1.0 — Initial Release
Grep for the network, for a post-TLS world.
A modern replacement for ngrep with TCP stream reassembly, TLS decryption, and protocol-aware matching.
Highlights
- TCP stream reassembly — matches against reassembled streams, not single packets
- TLS decryption — TLS 1.2 and 1.3 via `SSLKEYLOGFILE` (AES-GCM, ChaCha20-Poly1305)
- Protocol-aware modes — `--http` (HTTP/1.1 + HTTP/2) and `--dns`
- Interactive TUI — `--tui` for a live packet table with detail pane
All Features
- Live capture and pcap/pcapng file reading
- BPF filter support (`-F`)
- Regex matching with color highlighting
- TCP stream reassembly (bidirectional, emits on PSH/FIN/RST)
- JSON output (`--json`), hex dump (`-x`), quiet mode (`-q`)
- Case-insensitive (`-i`) and inverted (`-v`) matching
- Interface listing (`-L`)
- Packet count limit (`-n`)
- HTTP/1.1 and HTTP/2 aware mode (`--http`)
- DNS-aware mode (`--dns`)
- TLS 1.3 decryption (AES-128-GCM, AES-256-GCM, ChaCha20-Poly1305)
- TLS 1.2 AES-GCM and ChaCha20-Poly1305 decryption
- Write matched packets to pcap file (`-O`)
- Interactive TUI mode (`--tui`)
- Line-buffered output (`-l`)
- Kernel buffer size option (`-B`)
Quick Start
```bash
# Install
sudo apt install libpcap-dev   # or: dnf install libpcap-devel
cargo install --git https://github.com/georgeglarson/netgrep.git

# Examples
sudo netgrep -n 5                                   # capture 5 streams
sudo netgrep -F "udp port 53" "example.com"         # grep DNS traffic
sudo netgrep --http --keylog keys.log "password"    # search decrypted HTTPS
sudo netgrep --tui -d eth0                          # interactive TUI
```

Requires Rust 1.91+, libpcap, and root/sudo for live capture.
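The first highlight says netgrep matches against reassembled streams, not single packets. The following added example (not netgrep's own code; the `Segment` type, the `BASE` value and the sample payloads are constructed assumptions) shows a pattern that is split across two TCP segments being missed by per-packet search and found once the segments are ordered by sequence number.

```rust
// Added illustration, not netgrep's code; types, names and sample bytes are constructed.
use std::collections::BTreeMap;

/// Sequence number of the first payload byte; chosen so the flow wraps past 2^32.
const BASE: u32 = 0xFFFF_FFF8;

struct Segment { seq: u32, payload: &'static [u8] }

fn contains(haystack: &[u8], needle: &[u8]) -> bool {
    !needle.is_empty() && haystack.windows(needle.len()).any(|w| w == needle)
}

/// Per-packet matching: every payload is searched on its own.
fn match_per_packet(segs: &[Segment], needle: &[u8]) -> bool {
    segs.iter().any(|s| contains(s.payload, needle))
}

/// Order segments by offset from `base`, drop retransmitted bytes, stop at the first gap.
fn reassemble(segs: &[Segment], base: u32) -> Vec<u8> {
    let mut ordered: BTreeMap<u32, &[u8]> = BTreeMap::new();
    for s in segs {
        // wrapping_sub keeps offsets monotonic across sequence-number wraparound
        ordered.entry(s.seq.wrapping_sub(base)).or_insert(s.payload);
    }
    let mut stream = Vec::new();
    for (off, data) in ordered {
        let off = off as usize;
        if off > stream.len() { break; }           // hole: wait for the missing bytes
        let skip = stream.len() - off;             // bytes already accepted (overlap)
        if skip < data.len() { stream.extend_from_slice(&data[skip..]); }
    }
    stream
}

/// Constructed capture order: second segment first, then the first, then its retransmission.
fn sample() -> Vec<Segment> {
    vec![
        Segment { seq: BASE.wrapping_add(13), payload: b"word=hunter2" },
        Segment { seq: BASE, payload: b"user=bob&pass" },
        Segment { seq: BASE, payload: b"user=bob&pass" },
    ]
}

fn main() {
    let segs = sample();
    let stream = reassemble(&segs, BASE);
    println!("per-packet match: {}", match_per_packet(&segs, b"password"));
    println!("reassembled match: {}", contains(&stream, b"password"));
}
```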