Network monitoring with ngrep
Author Jordan Ritter says that ngrep has traditionally been used to debug plaintext protocol interactions such as HTTP, SMTP, and FTP; to identify and analyze anomalous network communications, such as those between worms, viruses, and zombies; and to store, read, and reprocess pcap dump files while looking for specific data patterns.
You can also use ngrep for the more mundane job of collecting plaintext credentials, such as those sent with HTTP basic authentication or with FTP or POP3 authentication. Like all tools, it can be useful in the right hands and damaging in the hands of those with less than admirable intentions.
The NewsForge link for this article is no longer available.