Installing SNGREP in centos

sachin

Install sngrep in centos 7 from yum package

• Create file named `sngrep.repo` in `/etc/yum.repos.d` folder and add the following repository.

vi /etc/yum.repos.d/sngrep.repo

• Add the following content

[irontec]
name=Irontec RPMs repository
baseurl=http://packages.irontec.com/centos/$releasever/$basearch/

• Import the Irontec repositories public key.

rpm --import http://packages.irontec.com/public.key

• Now run following commands in order to update the yum cache and install the sngrep.

yum update
yum install sngrep

Command line arguments

sngrep [-hVciv] [-HL udp:addressport] [-IO pcap_dump] [-d dev] [-l limit] [-k keyfile] [] []
-h or --help: Display help and usage information
-V or --version: Display version information
-I or --input : Read packets from pcap file instead of network devices. This option can be used with bpf filters
-O or --output : Save all captured packets to a pcap file
-d or --device : Live capture from network device (by default, sngrep captures from all devices)
-k or --keyfile : Use private keyfile to decrypt TLS captured packets
-c or --calls: Only display dialogs starting with an INVITE request
-l or --limit: Change default capture limit
-i or --icase: Make match expression case insensitive
-v or --invert: Invert match expression
-N or --no-interface: Don't display sngrep interface, just capture
-q or --quiet: Don't print captured dialogs in no interface mode
-D or --dump-config: Print configured keybindings and settings after reading system and user resource files.
-H or --eep-send: Send captured data to other Homer/sngrep (udp:10.10.10.10:9060)
-L or --eep-listen: Received captured data from other captagent/sngrep (udp:10.10.10.10:9060)
: Match given expression in Messages' payload. If one request message matches the given expression, the following messages within the same dialog will be also captured.
: Filter captured/readed packets using a BPF filter

Additional Step (Optional)

You may see lines as alphabets, To have the lines printed correctly,

• Add the line below to the last line of the file nano ~/.bashrc

alias sngrep='NCURSES_NO_UTF8_ACS=1 sngrep'

• Apply changes by executing commad source ~/.bashrc