Ngrep is similar to tcpdump with ability to look for regex search in packets playload and show matching packets to screen. This can be very useful for debugging and troubleshooting in production and development environments. Here are some handy command to use ngrep on Linux or Mac:
Using ngrep to print http request headers
ngrep in quiet mode (-q), ignore case (-i), for interface ppp0,
$ ngrep -d ppp0 -q -i -t -W byline '^(GET|POST) '
Using ngrep to print http response headers
$ ngrep -d ppp0 -q -i -t -W byline '^HTTP/' port 80
Using ngrep to print outgoing solr http request
Assuming solr running on port 8080
$ ngrep -d ppp0 -q -i -t -W byline '' 'dst port 8080'
Using ngrep to print mysql select queries
$ ngrep -d ppp0 -q -i -W byline 'SELECT' port 3306
Using ngrep to print destination memcache traffic on localhost
If memcache is running on localhost, we need to use loopback network interface. This is the outcome when you hit memcache.php
$ ngrep -d lo0 -q -i -W byline '' dst port 11211 T ::1:49630 -> ::1:11211 [AP] stats. ....
