A little over a week ago Microsoft has released the third version of Network Monitor, a network sniffing utility. With this tool you can capture network traffic that passes over your network card. It allows you to see what really goes over the wire. Very useful when you want to verify what you are sending, instead of assuming what this might be. On occassion, you can study custom application protocols and reverse engineer it, like I did for the Ventrilo, Half-Life and Source protocol. (Side note: the picture below shows a Source server status packet.)
This version is a major step forward from v2.0. As you can see in the screen shots the user interface is really nice. The tabbed layout allows you to have multiple captures open simultaneously. You can apply filters during or after performing captures. You even get a clear indication of where you messed up a filter, even though you have IntelliSense available to construct the filters.
There is support for a lot of protocols so you can see the specific data deconstructed in the payload of the network packets. You can extend this quite easily. In the pictures below you can see all the particular items that are supported, e.g. the Teredo protocol that is used to map IPv4 addresses into the IPv6 network space. (You will see more on this once the P2P protocol in WCF takes flight.)
A major limitation of Network Monitor (and all similar tools like Ethereal) is that you can only capture traffic that really enters and exits your network interface adapter. This means that you are out of luck for the traffic that goes to the loopback address (127.0.0.1), the localhost alias or any IP address that are bound to local network adapters.
Anyway, you should download Network Monitor for your sniffing needs (it won’t go through a straw into your nose, btw). Keep it handy when you need to check the network traffic.