It works similarly to grep, except that it searches the traffic on network ports!
You can use -d to specify the Ethernet interface and -x to dump the data in hex. It also has primitives such as "port 80" to listen only to web service traffic. The -W byline option helps to expose the line feeds.
-W normal|byline|single|none Specify an alternate manner for displaying packets, when not in hexadecimal mode. The ``byline'' mode honors embedded linefeeds, wrapping text only when a linefeed is encountered (useful for observing HTTP transactions, for instance). The ``none'' mode doesn't wrap under any circumstance (entire payload is displayed on one line). The ``single'' mode is conceptually the same as ``none'', except that everything including IP and source/destination header information is all on one line. ``normal'' is the default mode and is only included for completeness. This option is incompatible with ``-x''.
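
To see what the byline, none and single modes described above do to an HTTP request, here is an added illustration in Python (not from the original page and not the tool's own code). The header line, the sample payload and the use of '.' for non-printable bytes are assumptions made for the example.

```python
# Added illustration: models the -W display modes as the man page text above
# describes them. Header layout and '.' substitution are assumptions.

# Constructed sample data (documentation addresses, made-up request).
HEADER = "T 192.0.2.10:51234 -> 192.0.2.80:80 [AP]"
PAYLOAD = (b"GET /index.html HTTP/1.1\r\n"
           b"Host: example.test\r\n"
           b"User-Agent: curl/8.0\r\n\r\n")


def _display_char(byte: int, keep_linefeed: bool) -> str:
    """Map one payload byte to the character shown on screen."""
    if keep_linefeed and byte == 0x0A:
        return "\n"                      # byline: embedded linefeeds are honored
    # Printable ASCII is shown as-is; everything else (CR, NUL, ...) becomes '.'
    return chr(byte) if 0x20 <= byte < 0x7F else "."


def render(header: str, payload: bytes, mode: str) -> str:
    """Return the text displayed for one packet in the given -W mode."""
    if mode == "byline":
        # Wrap only where the payload itself contains a linefeed.
        body = "".join(_display_char(b, True) for b in payload)
        return f"{header}\n{body}"
    if mode == "none":
        # Never wrap: the entire payload stays on one line.
        body = "".join(_display_char(b, False) for b in payload)
        return f"{header}\n{body}"
    if mode == "single":
        # Like "none", but the header shares the line with the payload,
        # which makes each packet one record for line-oriented tools.
        body = "".join(_display_char(b, False) for b in payload)
        return f"{header} {body}"
    raise ValueError(f"mode not modelled here: {mode!r}")


if __name__ == "__main__":
    for mode in ("byline", "none", "single"):
        print(f"--- -W {mode} ---")
        print(render(HEADER, PAYLOAD, mode))
```

With byline each HTTP header lands on its own line, while single produces one line per packet that can be piped straight into grep, sort or a log shipper.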