Sniffit
In the course of checking that a cups server was secure when passing login info I
ran sniffit on my Ubuntu box. It turns out you are well-advised to read the docs
in /usr/share/doc/sniffit/ rather than restricting yourself to the manpage as the
latter document is sparse on details. It turns out that the program will log
data to a file even though one doesn't explicitly specify this behaviour from
the command line. To put it in other words, you start it up thinking it will
dump it's output to stdout and it doesn't. It turns out that the -R option
allows one to specify a single output file. If one tails this file in another
window one gets the desired behavour of sending to stdout.
--
WalterTautz - 16 Jun 2006
Ethereal / Wireshark
Wireshark used to be ethereal, until the author left for another company. Now there's an ethereal, but there's also a wireshark. You want wireshark. It's ported to lots of platforms, including Windows and Mac OS X. They have commandline equivalents too (tethereal, twireshark).
tcpdump
You can't live without it, trust me.