Filter network traffic packets using regular expressions.
# To capture traffic of all interfaces:
ngrep -d any
# To capture traffic of a specific interface:
ngrep -d eth0
# To capture traffic crossing port 22 of interface eth0:
ngrep -d eth0 port 22
# To capture traffic from or to a host:
ngrep host www.example.com
# To filter keyword 'User-Agent:' of interface eth0:
ngrep -d eth0 'User-Agent:'