o fixed bug where setting the snaplen smaller than the minimum
necessary to read the full headers would cause garbage to be
fed into the pattern matcher
o fixed unreported bug in IPv6/TCP packet length calculation
o relocated the privilege-dropping routine to be invoked right
before entering the packet processing loop, to prevent
interference with necessary permissions to read or write
dumpfiles/etc.
o fixed integer overflow with the snaplen that resulted from
an implicit signed/unsigned conversion
o minor change to compensate for some broken compiler
optimizers
o fixed double-free race condition during ngrep termination
o reworked packet length calculation in the main processing
loop, improving performance and readability
o simplified regex build logic in configure and Makefile
o updated Win32 version to use config.h for preprocessor
definitions instead of the Visual Studio project files,
making manual tweaking and config of ngrep for Win32
consistent with *NIX and more obvious
o changed third-party Makefiles to properly clean up after
themselves
o added support for radiotap (IEEE802_11_RADIO)
o changed ``-s 0'' invocation to mimic the equivalent of tcpdump
developer is officially maintaining the package.
The rationale for changing this from "tech-pkg" to "pkgsrc-users" is
that it implies that any user can try to maintain the package (by
submitting patches to the mailing list). Since the folks most likely
to care about the package are the folks that want to use it or are
already using it, this would leverage the energy of users who aren't
developers.
* healed the win32 code fork: ngrep now builds from the same
source tree for all platforms including Windows
* re-wrote the privilege revocation logic after problems were
reported with the SPC version, and removed non-root
drop_privs capability altogether
* fix off-by-one bug which caused ngrep to exit 1 packet early
when ``-A'' was invoked
* Fixed problematic configtest for old broken-redhat-glibc UDP header
* ngrep now sets a pcap filter "ip" by default, if one is not specified
* header offset fix to 802.11 processing
* support IGMP and Raw (unknown IP protocol) type packets
* support for latest versions of libpcap (0.8.3) and winpcap (3.1 beta 4)
* updated configure to autoconf 2.59, and config.guess and
config.sub to latest versions
* updated PCRE from 3.4 to 5.0
* and various minor changes and updates to improve ngrep
* rewrote the entire configure.in/config.h.in to autoconf 2.57
to be more consistent with normal autoconf'd programs.
corrects bugs around packaging impediments and typos.
* improved privilege dropping code and added more options to
configure to govern its behaviour
* added flag to turn off privilege revocation logic
* added multiline match as default and ability to enforce
previous default single-line match (bugfix + feature)
* added ability to read bpf filter expression from file
* added ability to force the column width to a certain size
* added two new output modes: ``byline'', whose output
respects embedded carriage returns (useful for http dumps),
and ``none'', which prints out each dump as a single line no
matter what.
* added ability to specify alternate nonprintable character
(default is ``.'').
* made ``-q'' effects more consistent and usable for scenarios
where ``-I'' and/or ``-O'' are being employed
* documentation updated
* improved support for a few OSes
* 802.11 support
Changes 1.40:
* OpenBSD tun device support
* MacOS X support
* ISDN (SLL) support
* fixed bug from not considering caplen in payload length calculations
* Moved to sourceforge
* UNIX: Now ngrep compiles with the GPL'd GNU regex library, or the more
license-friendly PCRE library under the Artistic License
* UNIX: Recognition of window size changes
Annoyed when you maximize your term program and ngrep doesn't take
advantage of all the new space? Now ngrep catches the change
when in a non-hexadecimal display mode and adjusts the output accordingly.
* Minor bugfix in time printing with -t
When run with the '-t' option, ngrep would display the previous month as
the current date.
ngrep strives to provide most of GNU grep's common features, applying
them to the network layer.
ngrep is a pcap-aware tool that will allow you to specify extended
regular expressions to match against data payloads of packets. It
currently recognizes TCP and UDP across ethernet, ppp and slip
interfaces, and understands bpf filter logic in the same fashion
as more common packet sniffing tools, like tcpdump and snoop.