We should forget about small efficiencies — Donald Knuth
24 Dec
When I read the portage log of Gentoo Linux, I saw an interesting piece of software called ngrep - network grep (net-analyzer/ngrep). Here is the description from the official site:
ngrep strives to provide most of GNU grep’s common features, applying them to the network layer.
ngrep is a pcap-aware tool that will allow you to specify extended regular or hexadecimal expressions to match against data payloads of packets.
It currently recognizes IPv4/6, TCP, UDP, ICMPv4/6, IGMP and Raw across Ethernet, PPP, SLIP, FDDI, Token Ring and null interfaces, and understands BPF filter logic in the same fashion as more common packet sniffing tools, such as tcpdump and snoop.
We can visit the Usage Section to learn more about how ngrep works and how it can be leveraged to see all sorts of neat things.
Example: Debugging HTTP interactions:
# ngrep -W byline port 80
interface: eth0 (10.1.1.10/255.255.252.0)
filter: ip and ( port 80 )
####
T 10.1.1.10:42177 -> 64.90.164.74:80 [AP]
GET / HTTP/1.1.
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; X11; Linux i686) Opera …
Host: www.darkridge.com.
Accept: text/html, application/xml;q=0.9, application/xhtml+xml;q=0.9 …
Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1.
Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0.
Cookie: SQMSESSID=5272f9ae21c07eca4dfd75f9a3cda22e.
Cookie2: $Version=1.
Cache-Control: no-cache.
Connection: Keep-Alive, TE.
TE: deflate, gzip, chunked, identity, trailers.
.
##
T 64.90.164.74:80 -> 10.1.1.10:42177 [AP]
HTTP/1.1 200 OK.
Date: Mon, 29 Mar 2004 00:47:25 GMT.
Server: Apache/2.0.49 (Unix).
Last-Modified: Tue, 04 Nov 2003 12:09:41 GMT.
ETag: "210e23-326-f8200b40".
Accept-Ranges: bytes.
Vary: Accept-Encoding,User-Agent.
Content-Encoding: gzip.
Content-Length: 476.
Keep-Alive: timeout=15, max=100.
Connection: Keep-Alive.
Content-Type: text/html; charset=ISO-8859-1.
Content-Language: en.
.
……….}S]..0.|………..H…8……..@..\….(…..Dw.%.,..;.k.. …
.;kw*U.j.< ...\0Tn.l.:......>Fs….’….h.’…u.H4..’.6.vIDI…….N.r …
..H..#..J….u.?..]….^..2…..e8v/gP…..].48…qD!……….#y…m …
####
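The request in the capture above carries a session cookie (SQMSESSID) in cleartext, so ngrep output like this should be scrubbed before it is pasted into a bug report or a blog post. The following is an added example, not code from the original post or from the ngrep project: it redacts Cookie, Set-Cookie and Authorization values from `-W byline` output and lists which flows carried them. The function names and the sample capture are assumptions made for illustration.

```python
import re

# Constructed sample in the "-W byline" layout shown above; cookie values are made up.
SAMPLE = """\
T 10.1.1.10:42177 -> 64.90.164.74:80 [AP]
GET / HTTP/1.1.
Host: www.darkridge.com.
Cookie: SQMSESSID=0123456789abcdef; lang=en.
.
##
T 64.90.164.74:80 -> 10.1.1.10:42177 [AP]
HTTP/1.1 200 OK.
Set-Cookie: SQMSESSID=fedcba9876543210; path=/; HttpOnly.
.
"""

FLOW = re.compile(r"^T (\S+) -> (\S+) \[")  # ngrep's TCP packet header line
HEADER = re.compile(r"^(Cookie|Set-Cookie|Authorization): (.*)$", re.I)

def mask(pair):
    """Keep the name of a name=value pair and hide the value."""
    name, sep, value = pair.partition("=")
    return f"{name}=<redacted:{len(value)}>" if sep else pair

def redact(capture):
    """Return (redacted text, [(src, dst, header name), ...])."""
    out, findings, flow = [], [], ("?", "?")
    for line in capture.splitlines():
        m = FLOW.match(line)
        flow = m.groups() if m else flow
        h = HEADER.match(line)
        if h:
            name, value = h.groups()
            cr = "." if value.endswith(".") else ""  # byline prints the CR as "."
            value = value[: len(value) - len(cr)]
            if name.lower() == "cookie":  # every pair carries a value to hide
                value = "; ".join(mask(p) for p in value.split("; "))
            elif name.lower() == "set-cookie":  # keep attributes such as HttpOnly
                first, sep, attrs = value.partition(";")
                value = mask(first) + sep + attrs
            else:  # Authorization: keep only the scheme
                value = value.split(" ", 1)[0] + " <redacted>"
            findings.append((flow[0], flow[1], name))
            line = f"{name}: {value}{cr}"
        out.append(line)
    return "\n".join(out) + "\n", findings

if __name__ == "__main__":
    text, found = redact(SAMPLE)
    print(text, *(f"cleartext {n}: {s} -> {d}" for s, d, n in found), sep="\n")
```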