ngrep -d any port 25
Monitor all activity crossing source or destination port 25 (SMTP).
ngrep -d any 'error' port syslog
Monitor any network-based syslog traffic for the occurrence of the word “error”. ngrep knows how to convert service port names (on UNIX, located in “/etc/services”) to port numbers.
ngrep -wi -d any 'user|pass' port 21
Monitor any traffic crossing source or destination port 21 (FTP), looking case-insensitively for the words “user” or “pass”, matched as word-expressions (the match term(s) must have non-alphanumeric, delimiting characters surrounding them).
via ngrep – network grep.