Monday, July 6, 2009

Using NGrep

You can monitor and search for almost any packet combination you can think of with NGrep. For instance, you can set it up to watch TCP port 25 (SMTP) and monitor and record email traffic.
Using regular-expression filter expressions, you could even narrow this down to selected source or destination hosts, email addresses or content. One use of such a filter is protecting intellectual property: a small string can be embedded into documents (e.g. in the templates used for Word files) and then used as a search term.
As shown in the image above (FTP) and the one below (Telnet, in this case for Cisco and similar devices), we can look for insecure authentication. This example looks for username and password combinations that are sent over clear-text channels.
In addition, the "-W byline" option displays the data in a form that is easier for us humans to read. The example below shows us collecting HTTP (TCP 80) traffic. It lets us see the actual HTTP calls to the server and the ASCII data carried within them.
We could even restrict this to selected web pages that we want to monitor.
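
To make the "grep for packets" idea concrete, here is an added example (not code from the post or from the ngrep project) that mimics `ngrep -i <pattern> port <port>` with `-W byline` output over a few constructed Ethernet/IPv4/TCP frames: it parses the headers, filters on a port, and applies a case-insensitive regex to each payload line, which is exactly the check an auditor would run to find clear-text FTP and Telnet logins. The frames, addresses and credentials are constructed sample data, not captured traffic.

```python
import re
import struct

def build_frame(src_ip, dst_ip, sport, dport, payload):
    """Assemble a minimal Ethernet II + IPv4 + TCP frame (checksums left zero) around a payload."""
    eth = b"\x00" * 12 + b"\x08\x00"                      # dst/src MAC, EtherType IPv4
    total = 20 + 20 + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, 6, 0,
                     bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split("."))))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    return eth + ip + tcp + payload

def parse_frame(frame):
    """Return (src, dst, sport, dport, payload) for an Ethernet/IPv4/TCP frame, else None."""
    if frame[12:14] != b"\x08\x00" or frame[23] != 6:   # not IPv4, or not TCP
        return None
    ihl = (frame[14] & 0x0F) * 4
    src = ".".join(map(str, frame[26:30]))
    dst = ".".join(map(str, frame[30:34]))
    tcp_off = 14 + ihl
    sport, dport = struct.unpack("!HH", frame[tcp_off:tcp_off + 4])
    data_off = (frame[tcp_off + 12] >> 4) * 4
    return src, dst, sport, dport, frame[tcp_off + data_off:]

def ngrep_like(frames, pattern, port=None):
    """Mimic `ngrep -i PATTERN port PORT -W byline`: one (flow, line) hit per matching payload line."""
    rx = re.compile(pattern, re.IGNORECASE)
    hits = []
    for frame in frames:
        pkt = parse_frame(frame)
        if pkt is None:
            continue
        src, dst, sport, dport, payload = pkt
        if port is not None and port not in (sport, dport):   # BPF-style "port N" filter
            continue
        # "-W byline" style: keep the payload's own line breaks instead of one long run of text
        for line in payload.decode("latin-1").splitlines():
            if rx.search(line):
                hits.append((f"{src}:{sport} -> {dst}:{dport}", line))
    return hits

# Constructed sample traffic: an FTP login, a Telnet password prompt and an HTTP request.
SAMPLE = [
    build_frame("10.0.0.5", "10.0.0.9", 40001, 21, b"USER alice\r\n"),
    build_frame("10.0.0.5", "10.0.0.9", 40001, 21, b"PASS hunter2\r\n"),
    build_frame("10.0.0.5", "10.0.0.7", 40002, 23, b"Password: \r\n"),
    build_frame("10.0.0.5", "10.0.0.8", 40003, 80, b"GET /index.html HTTP/1.1\r\nHost: www\r\n"),
]

if __name__ == "__main__":
    for flow, line in ngrep_like(SAMPLE, r"^(USER|PASS) ", port=21):
        print(flow, line)
```

Running it prints the two FTP login lines, which is the same clear-text authentication finding the FTP and Telnet screenshots illustrate.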

NGrep supports IP (TCP & UDP) and ICMP. It also understands Ethernet, PPP, SLIP, FDDI, Token Ring and null interfaces.

If you want to learn more, download NGrep and have a read of the usage page on SourceForge.
