Table of Contents Quick peek Sorts out unique User-Agent (devices) Monitor the occurrence of the keywords Monitor HTTP GET | POST traffic by IP addresses DNS Quick peek Monitor activities on device eth0 port 80: -W byline: linefeeds (LF) are printed as linefeeds, more readable. -qt: quiet mode and print human-readable timestamp. # ngrep -d eth0 -W byline -qt port 80 Sorts out unique User-Agent (devices) In corporate environment, desktop/laptop OS build is often standardized.