Installing ngrep (network grep) with MacPorts on Mac OS X Leopard 10.5.6
The ngrep tool is a command-line network protocol analyzer written by Jordan Ritter that lets you filter packets by matching regular expressions against them. The project can be found at http://ngrep.sourceforge.net/.
Here is the MacPorts description of ngrep, also found at http://ngrep.darwinports.com/:

$ port cat ngrep
# $Id: Portfile 31998 2007-12-13 11:48:32Z ryandesign@macports.org $
PortSystem 1.0
name ngrep
version 1.45
categories net
maintainers grace@flipt.com
description Network grep
long_description ngrep strives to provide most of GNU grep's common features, applying \
them to the network layer. \
ngrep a pcap-aware tool that will allow you to specify extended \
regular expressions to match against data payloads of packets. It \
currently recognizes TCP, UDP, and ICMP across Ethernet, PPP, SLIP, \
FDDI, Token Ring and null interfaces, and understands BPF filter \
logic in the same fashion as more common packet sniffing tools, \
like tcpdump and snoop.
homepage http://ngrep.sourceforge.net
platforms darwin
master_sites sourceforge
checksums md5 bc8150331601f3b869549c94866b4f1c \
sha1 f26090a6ac607db66df99c6fa9aef74968f3330f \
rmd160 d4b89dfa23f6a7c65d3ccefc846362054a46605f
use_bzip2 yes
depends_build port:libpcap
configure.args --with-pcap-includes=${prefix}/include \
--mandir=${prefix}/share/man

To install ngrep, use port with sudo:

$ sudo port install ngrep
Password:
---> Fetching libpcap
---> Attempting to fetch libpcap-1.0.0.tar.gz from http://distfiles.macports.org/libpcap
---> Verifying checksum(s) for libpcap
---> Extracting libpcap
---> Applying patches to libpcap
---> Configuring libpcap
---> Building libpcap
---> Staging libpcap into destroot
---> Installing libpcap @1.0.0_0
---> Activating libpcap @1.0.0_0
---> Cleaning libpcap
---> Fetching ngrep
---> Attempting to fetch ngrep-1.45.tar.bz2 from http://internap.dl.sourceforge.net/ngrep
---> Verifying checksum(s) for ngrep
---> Extracting ngrep
---> Configuring ngrep
---> Building ngrep
---> Staging ngrep into destroot
---> Installing ngrep @1.45_0
---> Activating ngrep @1.45_0
---> Cleaning ngrep

To get to the quick help, run ngrep with the -h option:

$ ngrep -h
usage: ngrep <-hNXViwqpevxlDtTRM> <-IO pcap_dump> <-n num> <-d dev> <-A num>
<-s snaplen> <-S limitlen> <-W normal|byline|single|none> <-c cols>
<-P char> <-F file> <match expression> <bpf filter>
-h is help/usage
-V is version information
-q is be quiet (don't print packet reception hash marks)
-e is show empty packets
-i is ignore case
-v is invert match
-R is don't do privilege revocation logic
-x is print in alternate hexdump format
-X is interpret match expression as hexadecimal
-w is word-regex (expression must match as a word)
-p is don't go into promiscuous mode
-l is make stdout line buffered
-D is replay pcap_dumps with their recorded time intervals
-t is print timestamp every time a packet is matched
-T is print delta timestamp every time a packet is matched
-M is don't do multi-line match (do single-line match instead)
-I is read packet stream from pcap format file pcap_dump
-O is dump matched packets in pcap format to pcap_dump
-n is look at only num packets
-A is dump num packets after a match
-s is set the bpf caplen
-S is set the limitlen on matched packets
-W is set the dump format (normal, byline, single, none)
-c is force the column width to the specified size
-P is set the non-printable display char to what is specified
-F is read the bpf filter from the specified file
-N is show sub protocol number
-d is use specified device instead of the pcap default
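
The install log above fetches both distfiles over plain http, so the "Verifying checksum(s)" step is the only thing tying the download to the Portfile. The following is an added example, not MacPorts code: it parses the checksums field from the Portfile shown earlier and checks a file's bytes against it. The function names are hypothetical and the sample bytes are constructed.

```python
import hashlib
import re

# Checksums field copied from the Portfile shown above.
PORTFILE_CHECKSUMS = r"""
checksums md5 bc8150331601f3b869549c94866b4f1c \
sha1 f26090a6ac607db66df99c6fa9aef74968f3330f \
rmd160 d4b89dfa23f6a7c65d3ccefc846362054a46605f
"""

# Portfile checksum type -> hashlib algorithm name.
HASHLIB_NAMES = {"md5": "md5", "sha1": "sha1", "rmd160": "ripemd160"}


def parse_checksums(portfile_text):
    """Return {type: hex_digest} from a Portfile 'checksums' field."""
    joined = re.sub(r"\\\s*\n", " ", portfile_text)  # fold continuations
    for line in joined.splitlines():
        tokens = line.split()
        if tokens and tokens[0] == "checksums":
            pairs = tokens[1:]
            if not pairs or len(pairs) % 2:
                raise ValueError("malformed checksums field")
            return {pairs[i]: pairs[i + 1].lower() for i in range(0, len(pairs), 2)}
    raise ValueError("no checksums field found")


def verify_distfile(data, expected):
    """Map each checksum type to True/False, or None when this Python
    build cannot compute it (ripemd160 depends on the linked OpenSSL)."""
    results = {}
    for kind, want in expected.items():
        try:
            digest = hashlib.new(HASHLIB_NAMES.get(kind, kind), data).hexdigest()
        except ValueError:
            results[kind] = None
            continue
        results[kind] = digest == want
    return results


def distfile_ok(results):
    """Accept only if something was checked and nothing mismatched."""
    checked = [r for r in results.values() if r is not None]
    return bool(checked) and all(checked)


if __name__ == "__main__":
    # Constructed sample input; every computable digest should mismatch.
    sample = b"constructed bytes, not the real ngrep-1.45.tar.bz2"
    print(verify_distfile(sample, parse_checksums(PORTFILE_CHECKSUMS)))
```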