Searching in Unusual Ways and Places

  Æleen Frisch

Sidebar: grep Context Displays

A few weeks ago, I was reading an article that cited some statistics about how many times various actions were performed in the course of a lifetime: how many hours a person sleeps, how many miles are driven to work, how much food is consumed — you get the idea. I started to think about how many times I’ve done various things, including how many times I’d run various UNIX commands. For me, the top two most frequently used commands are ls and grep. In the course of my career so far, I’ve run each of them more than 100,000 times.

Clearly, grep is a command I can’t live without. I constantly use it on its own and in pipes with other commands. For example:

% ps -aux | egrep 'chavez|PID'
USER      PID  %CPU  %MEM    VSZ  RSS   TTY    STAT  START   TIME  COMMAND
chavez  14355   0.0   1.6   2556  1792  pts/2  S     10:23   0:00  -tcsh
chavez  18684  89.5   9.6  27680  5280  ?      R N   Sep25  85:26  /home/j03/l988

I use this command combination often enough with different usernames that I’ve defined an alias for it.

There are times, however, when I want to perform grep-like search operations but grep itself is cumbersome or impossible to use: finding data within network traffic, looking for a software package, locating a specific email message. In these contexts where grep can’t be applied easily, I have to turn to other tools (some are open source, others are vendor provided). This article will look at some of them.

Searching Network Packets

Searching network traffic for patterns in real time is a useful technique for debugging a variety of network problems. It’s not easy to apply grep to this task.