Wednesday, June 4, 2025

 Linux grep Commands

  • grep "example" my.txt: search for "example" in "my.txt"
  • grep "example" *.txt: search for "example" in all ".txt" files
  • grep -i "example" my.txt: search for "example" while ignoring case
  • grep -c "example" my.txt: count the number of lines that contain "example"
  • grep -n "example" my.txt: show line numbers along with matched lines
  • grep -r "example" .: search for "example" in all files under the current directory, recursively
  • grep -v "example" my.txt: display lines that do not contain "example"
  • grep -w "example": search for lines containing "example" as a whole word
  • grep -e "key1" -e "key2" my.txt: show lines containing either pattern
  • grep -v -e "key1" -e "key2" my.txt: show lines containing neither pattern
  • grep "key1.*key2" my.txt: display lines that contain both "key1" and "key2" (with "key1" first)
  • grep -E "error|warning" app.log: use extended regex (here alternation) for matching
  • grep -E "^[a-zA-Z]" my.txt: another extended regex example (lines that start with a letter)
  • grep -m3 "keyword" my.txt: limit grep output to a fixed number of matching lines (here 3)
  • grep -A2 -B2 "example" my.txt: show 2 lines after and 2 lines before each match
  • grep -C3 "error" server.log: show 3 lines before and after each match
  • grep -x "spoofing" my.txt: show lines that exactly match the whole string
  • grep -l "example" *: display only the names of files that contain a match
  • grep "^hello" my.txt: show all lines that start with "hello"
  • grep "done$" my.txt: show all lines that end with "done"
  • grep -o "begin.*end" my.txt: show only the matched part of each line
  • grep --color "example" my.txt: display matches with color
  • grep "[0-9]" my.txt: show all lines that contain any digit
  • grep -a "string" my.bin: search for a string in a binary file
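As an added example (not from the original page), the options listed above run over a small constructed auth log so the effect of -c, -E, -x, -i, -v/-e, -o and -C can be seen side by side; the log lines and every count are made up for this demonstration.

```shell
#!/bin/sh
# Constructed sample log (not real data); written to a temp file so the
# grep forms from the cheat sheet can be run and checked offline.
LOG="$(mktemp)"
trap 'rm -f "$LOG"' EXIT
cat > "$LOG" <<'EOF'
2025-06-04 10:00:01 info login ok user=alice src=10.0.0.5
2025-06-04 10:00:07 warning password retry user=bob src=10.0.0.9
2025-06-04 10:00:09 error login failed user=bob src=10.0.0.9
2025-06-04 10:00:12 error login failed user=bob src=10.0.0.9
2025-06-04 10:00:15 info login ok user=carol src=10.0.0.7
error
EOF

# -c: count lines containing a fixed string (failed logins).
count_failed() { grep -c "login failed" "$LOG"; }

# -E with alternation: error OR warning level; the bare "error" line counts too.
count_error_or_warning() { grep -Ec "error|warning" "$LOG"; }

# -x: only lines that are exactly the string, i.e. the bare "error" line.
count_exact_error() { grep -xc "error" "$LOG"; }

# -i: case-insensitive match, so "ERROR" finds the lowercase lines.
count_error_ci() { grep -ic "ERROR" "$LOG"; }

# -v with several -e: lines containing neither pattern (the quiet lines).
count_quiet() { grep -vc -e "error" -e "warning" "$LOG"; }

# -o: print only the matched part, then count distinct source addresses.
distinct_sources() { grep -oE 'src=[0-9.]+' "$LOG" | sort -u | wc -l; }

# -C1: one line of context around each match; adjacent matches share a block.
failed_with_context() { grep -C1 "login failed" "$LOG"; }

# Print each result. grep exits 1 when a count is 0; all counts here are > 0.
main() {
  echo "failed logins:        $(count_failed)"
  echo "error or warning:     $(count_error_or_warning)"
  echo "exact 'error' lines:  $(count_exact_error)"
  echo "case-insensitive:     $(count_error_ci)"
  echo "quiet lines:          $(count_quiet)"
  echo "distinct sources:     $(distinct_sources)"
  echo "--- failed logins with one line of context ---"
  failed_with_context
}
main
```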

Useful Wireshark filters

  • ip.addr == 10.0.0.1: Show all traffic with 10.0.0.1 as either source or destination.
  • ip.addr == 10.0.0.0/24: Show all traffic to and from any address in 10.0.0.0/24.
  • ip.src == 10.0.0.1 && ip.dst == 10.0.0.2: Show all traffic from 10.0.0.1 to 10.0.0.2.
  • !(ip.addr == 10.0.0.1): Exclude all traffic to or from 10.0.0.1.
  • icmp.type == 3: Show ICMP "destination unreachable" packets.
  • tcp or udp: Show TCP or UDP traffic.
  • tcp.port == 80: Show TCP traffic with source or destination port 80.
  • tcp.srcport < 1000: Show TCP traffic with a source port below 1000.
  • http or dns: Show all HTTP or DNS traffic.
  • tcp.flags.syn == 1: Show TCP packets with the SYN flag set.
  • tcp.flags == 0x012: Show TCP packets with both SYN and ACK flags set (and no other flags).
  • tcp.analysis.retransmission: Show all retransmitted TCP packets.
  • http.request.method == "GET": Show TCP packets carrying an HTTP GET request.
  • http.response.code == 404: Show packets associated with an HTTP 404 response.
  • http.host == "www.abc.com": Show HTTP traffic matching the Host header field.
  • tls.handshake: Show only TLS handshake packets.
  • tls.handshake.type == 1: Show the Client Hello packet of a TLS handshake.
  • dhcp and ip.addr == 10.0.0.0/24: Show DHCP traffic for the 10.0.0.0/24 subnet.
  • dhcp.hw.mac_addr == 00:11:22:33:44:55: Show DHCP packets for the given client MAC address.
  • dns.resp.name == "cnn.com": Show DNS responses whose name field is "cnn.com".
  • frame contains "keyword": Show all packets whose bytes contain the string "keyword".
  • frame.len > 1000: Show all packets with a total length larger than 1000 bytes.
  • eth.addr == 00:11:22:33:44:55: Show all traffic to or from the specified MAC address.
  • eth[0x47:2] == 01:80: Match Ethernet frames whose 2 bytes at offset 0x47 equal 01:80.
  • !(arp or icmp or stp): Filter out background traffic from ARP, ICMP, and STP.
  • vlan.id == 100: Show packets with VLAN ID 100.