Linux ngrep - network grep Evan Davies Sep 8, 2009 ngrep -d any port 25 Monitor all activity crossing source or destination port 25 (SMTP). ngrep -d any 'error' port syslog Monitor any network-based syslog traffic for the occurrence of the word “error”. ngrep knows how to convert service port names (on UNIX, located in “/etc/services”) to port numbers. ngrep -wi -d any 'user|pass' port 21 Monitor any traffic crossing source or destination port 21 (FTP), looking case-insensitively for the words “user” or “pass”, matched as word-expressions (the match term(s) must have non-alphanumeric, delimiting characters surrounding them). via ngrep – network grep.