Wireshark is the most widely used network protocol analyzer for capturing and inspecting traffic.
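tshark -i eth0 -w capture.pcap                              # capture live traffic on eth0 and write it to capture.pcap
tshark -r capture.pcap -Y 'http.request.method == "POST"'   # read the capture, show only HTTP POST requests
tshark -r capture.pcap -Y 'ftp.request.command == "PASS"'   # show FTP PASS commands (sent in cleartext)
tshark -r capture.pcap -Y 'frame contains "password"'       # frames whose raw bytes contain "password" (case-sensitive)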
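Added example (not part of the original page): a Python script that turns tshark's FTP field output into an audit list of cleartext logins, pairing each PASS with the USER on the same TCP stream and redacting the password so the report does not store it. The tshark field selection in the comment, the sample rows and the function names are assumptions made for this illustration.

```python
# Constructed sample: tab-separated rows in the shape produced by
#   tshark -r capture.pcap -Y ftp.request -T fields \
#     -e tcp.stream -e ip.src -e ip.dst \
#     -e ftp.request.command -e ftp.request.arg
SAMPLE = (
    "0\t10.0.0.5\t10.0.0.20\tUSER\talice\n"
    "1\t10.0.0.7\t10.0.0.20\tUSER\tanonymous\n"
    "0\t10.0.0.5\t10.0.0.20\tPASS\tS3cret!\n"
    "1\t10.0.0.7\t10.0.0.20\tPASS\tguest@example.com\n"
    "0\t10.0.0.5\t10.0.0.20\tLIST\t\n"
    "2\t10.0.0.9\t10.0.0.21\tPASS\n"  # PASS with no argument column
)


def redact(secret):
    """Keep only the length so the report never contains the password."""
    return "<redacted:%d chars>" % len(secret)


def cleartext_ftp_logins(rows):
    """Return one finding per PASS command, paired with the last USER
    seen on the same TCP stream (streams can interleave in a capture)."""
    last_user = {}
    findings = []
    for line in rows.splitlines():
        cols = line.split("\t")
        if len(cols) < 4:
            continue  # malformed or empty row
        stream, src, dst, cmd = cols[0], cols[1], cols[2], cols[3].upper()
        arg = cols[4] if len(cols) > 4 else ""
        if cmd == "USER":
            last_user[stream] = arg
        elif cmd == "PASS":
            findings.append({
                "client": src,
                "server": dst,
                "user": last_user.pop(stream, "<unknown>"),
                "password": redact(arg),
            })
    return findings


if __name__ == "__main__":
    for f in cleartext_ftp_logins(SAMPLE):
        print("{client} -> {server} user={user} password={password}".format(**f))
```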