Proposal:

        Integrate ngrep into Solaris.

Detail:

        ngrep is a tool for ?grepping? specific information in network
        packets. ngrep strives to provide most of GNU grep's common
        features, applying them to the network layer. ngrep is a
        pcap-aware tool that will allow you to specify extended regular
        or hexadecimal expressions to match against data payloads of
        packets. It currently recognizes IPv4, TCP, UDP, ICMPv4, IGMP
        and Raw across Ethernet, PPP, SLIP, FDDI, Token Ring and null
        interfaces, and understands BPF filter logic in the same fashion
        as more common packet sniffing tools, such as tcpdump and snoop.
        The current version of ngrep is 1.45 at the time of this case.
	The binding requested is patch. The consolidation is SFW.



Exported Interfaces:

        SUNWngrep          Uncommitted         Package name
        /usr/sbin/ngrep    Committed           Executable location
        ngrep              Uncommitted         Commandline syntax

Imported Interfaces:

        SUNWlibpcap        Libraries (libpcap.so)

Security:

        RBAC - Anyone who has a role which contains the Network
        Management privileges can execute the ngrep as a root. (no SUID
        bit for all, just line added to /etc/security/exec_attr as for
        other sniffing tools like snoop).

        There was an '-R' option that prevents ngrep from dropping the
        root privileges after it starts the capturing. It could be
        dangerous (one never knows what will be received from the
        network). This option has been removed.

References:

 [1] http://ngrep.sourceforge.net/
     Author(s) of ngrep: Jordan Ritter <jpr5@darkridge.com>
 [2] 6721123 - Integrate ngrep into Solaris.

 List of new files:
 usr/sbin/ngrep
 usr/share/man/man1m/ngrep.1m