From 34aec29c0886bf0257f7b090af8329c2c7f06dc7 Mon Sep 17 00:00:00 2001
From: zhangda7 <zhangda733@gmail.com>
Date: Thu, 1 Sep 2016 23:20:09 +0800
Subject: [PATCH] ngrep: add page (#930)

* ngrep: add page

* ngrep: update command

* ngrep: update syntax
---
 pages/common/ngrep.md | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
 create mode 100644 pages/common/ngrep.md

diff --git a/pages/common/ngrep.md b/pages/common/ngrep.md
new file mode 100644
index 0000000000..06d4740879
--- /dev/null
+++ b/pages/common/ngrep.md
@@ -0,0 +1,23 @@
+# ngrep
+
+> Filter network traffic packets using regular expressions.
+
+- Capture traffic of all interfaces:
+
+`ngrep -d any`
+
+- Capture traffic of a specific interface:
+
+`ngrep -d {{eth0}}`
+
+- Capture traffic crossing port 22 of interface eth0:
+
+`ngrep -d {{eth0}} port {{22}}`
+
+- Capture traffic from or to a host:
+
+`ngrep host {{www.example.com}}`
+
+- Filter keyword 'User-Agent:' of interface eth0:
+
+`ngrep -d {{eth0}} '{{User-Agent:}}'`