Good (free / open source) tools for analyzing TCP capture files

Tags: networking, packet-sniffer, pcap, tcpip

I use Wireshark and Microsoft Network Monitor extensively, but I'm curious if there are other good (hopefully free / open source) software packages for analyzing TCP/IP traffic?

I'm especially interested in forensic uses and analysis of network issues.

Best Answer

Basically this boils down to a question: what OSI level are you interested in? If you want to know exactly what was transmitted, you cannot avoid Wireshark, tcpdump or the like. But if you are interested in learning the patterns that appear in your network, you have to analyze netflows; packet capture is simply overkill.

And for netflows there are many tools:

http://nsmwiki.org/index.php?title=Argus

http://www.networkuptime.com/tools/netflow/

http://www.mindrot.org/projects/

http://code.google.com/p/flow-tools/

http://www.ntop.org/nProbe.html
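As an added illustration of the packet-versus-flow distinction this answer draws (example code, not from the post or from any of the tools listed): a small Python script that parses a classic libpcap file and collapses its IPv4/TCP packets into unidirectional 5-tuple flows with packet and byte counts. The capture is constructed inline; the addresses and ports are made-up sample values.

```python
import struct
from collections import defaultdict

def build_frame(src, dst, sport, dport, payload_len):
    """Build a minimal Ethernet/IPv4/TCP frame (constructed sample, not a real capture)."""
    eth = b"\x00" * 12 + b"\x08\x00"                     # dummy MACs, EtherType IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + payload_len, 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x18, 8192, 0, 0)
    return eth + ip + tcp + b"A" * payload_len

def build_pcap(frames):
    """Wrap frames in a classic libpcap file: magic 0xa1b2c3d4, link type 1 (Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(frame), len(frame)) + frame
    return out

def iter_frames(data):
    """Yield each captured frame from a little-endian, microsecond-resolution pcap."""
    if struct.unpack_from("<I", data, 0)[0] != 0xA1B2C3D4:
        raise ValueError("only little-endian microsecond pcap is handled here")
    off = 24                                             # skip the global header
    while off + 16 <= len(data):
        _, _, incl_len, _ = struct.unpack_from("<IIII", data, off)
        off += 16
        yield data[off:off + incl_len]
        off += incl_len

def flows_from_pcap(data):
    """Collapse IPv4/TCP packets into unidirectional 5-tuple flows -> (packets, bytes)."""
    flows = defaultdict(lambda: [0, 0])
    for frame in iter_frames(data):
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                                     # not IPv4 over TCP: skip
        ihl = (frame[14] & 0x0F) * 4
        total_len, = struct.unpack_from("!H", frame, 16)  # IP total length
        src, dst = (".".join(map(str, frame[i:i + 4])) for i in (26, 30))
        sport, dport = struct.unpack_from("!HH", frame, 14 + ihl)
        entry = flows[(src, dst, 6, sport, dport)]
        entry[0] += 1
        entry[1] += total_len
    return {key: tuple(counts) for key, counts in flows.items()}

SAMPLE_PCAP = build_pcap([                                # constructed: web session + one SSH packet
    build_frame("10.0.0.5", "203.0.113.10", 40000, 80, 100),
    build_frame("203.0.113.10", "10.0.0.5", 80, 40000, 1400),
    build_frame("10.0.0.5", "203.0.113.10", 40000, 80, 0),
    build_frame("10.0.0.5", "203.0.113.10", 40001, 22, 60),
])
```

Point `flows_from_pcap` at the bytes of a real capture file to get the same per-flow summary; tools such as Argus additionally pair the two directions into bidirectional flows.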
