Before Ethereal (Wireshark), everyone used Tcpdump, and many people still use it today. It may not have as many bells and whistles as Wireshark (such as the pretty GUI, or the parsing logic for hundreds of application protocols), but it can complete many tasks well, has very few security holes, and consumes very few system resources. It rarely adds new features, but it often fixes bugs and stays small. It is very good at tracking down the origin of network problems and can monitor network traffic. The Windows version is called WinDump. The Libpcap/WinPcap packet capture library is based on Tcpdump and is also used in other tools such as Nmap. I remember that Tsutomu Shimomura used his own modified version of Tcpdump to record Kevin Mitnick's attack on his system, and later cooperated with the FBI to capture Kevin Mitnick.