Examples:

  o ngrep -qd eth1 'HTTP' tcp port 80

    Be quiet, look only at tcp packets with either source or dest
    port 80 on interface eth1, look for anything matching 'HTTP'.

  o ngrep -qd le0 port 53

    Watch all tcp and udp port 53 (nameserver) traffic on interface
    le0.  Be quiet.

  o ngrep 'USER|PASS' tcp port 21

    Look only at tcp packets with either source or dest port 21, look
    for anything resembling an FTP login.

  o ngrep -wiA 2 'user|pass' tcp port 21

    Alternatively, match either 'user' or 'pass' as a word, case
    insensitively, and dump the next 2 packets following (that match
    the bpf filter).
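
The two FTP examples differ only in -w, -i and -A. The sketch below is an added illustration, not part of the ngrep documentation, and shows what each flag changes when tuning a cleartext-login watch. Assumptions: GNU grep over constructed payload lines (one line per packet) stands in for ngrep over live traffic, grep's flags of the same name only approximate ngrep's, and all function names are hypothetical.

```shell
#!/usr/bin/env bash
# Constructed FTP control-channel payloads, one per line (not a real capture).
payloads() {
  cat <<'EOF'
220 ftp.example.test ready
USER alice
331 Password required for alice
PASS constructed-secret
230 User alice logged in
PASV
227 Entering Passive Mode (192,0,2,10,195,80)
EOF
}

# Stand-in for: ngrep 'USER|PASS' tcp port 21
# Case-sensitive: only the client's USER and PASS commands match.
match_cs() { payloads | grep -E 'USER|PASS'; }

# -i alone: also hits "Password", "User" and "Passive" in server replies.
match_i() { payloads | grep -iE 'user|pass'; }

# Stand-in for: ngrep -wi 'user|pass' tcp port 21
# -w drops substring hits ("Password", "Passive") but keeps "230 User ...".
match_wi() { payloads | grep -wiE 'user|pass'; }

# Stand-in for: ngrep -wiA 2 'user|pass' tcp port 21
# -A 2 adds the two lines after each match, as ngrep adds the next 2 packets.
match_wi_ctx() { payloads | grep -wiE -A 2 'user|pass'; }

# Number of lines a matcher prints.
count() { "$@" | wc -l | tr -d ' '; }

for m in match_cs match_i match_wi match_wi_ctx; do
  printf '%-13s %s lines\n' "$m" "$(count "$m")"
done
```
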