wireshark is the world's foremost network protocol analyzer. it lets you capture and interactively browse the traffic running on a computer network. it is the de facto (and often de jure) standard across many industries and educational institutions. 
wireshark has a rich feature set which includes the following:
 deep inspection of hundreds of protocols, with more being added all the time live capture and offline analysis standard threepane packet browser multiplatform: runs on windows, linux, os x, solaris, freebsd, netbsd, and many others captured network data can be browsed via a gui, or via the ttymode tshark utility the most powerful display filters in the industry rich voip analysis read/write many different capture file formats: tcpdump (libpcap), pcap ng, catapult dct2000, cisco secure ids iplog, microsoft network monitor, network general sniffer® (compressed and uncompressed), sniffer® pro, and netxray®, network instruments observer, netscreen snoop, novell lanalyzer, radcom wan/lan analyzer, shomiti/finisar surveyor, tektronix k12xx, visual networks visual uptime, wildpackets etherpeek/tokenpeek/airopeek, and many others capture files compressed with gzip can be decompressed on the fly live data can be read from ethernet, ieee 802.11, ppp/hdlc, atm, bluetooth, usb, token ring, frame relay, fddi, and others (depending on your platform) decryption support for many protocols, including ipsec, isakmp, kerberos, snmpv3, ssl/tls, wep, and wpa/wpa2 coloring rules can be applied to the packet list for quick, intuitive analysis output can be exported to xml, postscript®, csv, or plain text