tcpdump is a great tool, if you want raw, unadulterated data from your interface. tcpflow is even better, if you need readable results, reports or to make copies of what’s traveling through, NSA-style.
tcpick follows its own take on the idea, allowing color-coding for readability, block analysis of data chunks, timestamps, datestamps, visual separation of packets, conversion to hexadecimal, view in hex-plus-ASCII, and a lot more.
Most of what tcpick does is still random gibberish to me, but I was able to get rather interesting results when asking it to block off hex and ASCII versions. There you can plainly see the news alerts that are traveling through, en route to rhapsody.
The documentation suggests tcpick can split out connections and save the data passing through, into individual files and folders. I didn’t press it to do that, but if the end results are anything like tcpflow, that’s good news.
It also appears that tcpick is capable of sifting through the output of tcpdump -w, which again I didn’t try but should also be useful, to those in the know.
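The two features described above, the hex-plus-ASCII block view and the splitting of a capture into one file per connection, reimplemented here as an added Python example (not tcpick's or tcpflow's own code). It builds a small tcpdump -w style pcap file inline from constructed frames, groups TCP payload by connection, prints each packet as a hex/ASCII block and writes each connection to its own file. The output layout, the function names and the sample addresses (10.0.0.x and the 192.0.2.0/24 documentation range) are this example's own choices, not tcpick's.

```python
"""Minimal reader for tcpdump -w (pcap) files: splits TCP payload per connection
and prints it hex-plus-ASCII. Added example, not tcpick's code."""
import os
import struct
import tempfile
from collections import OrderedDict

PCAP_MAGIC = 0xA1B2C3D4  # classic pcap magic (microsecond timestamps)


def ipv4_frame(src, dst, proto, l4):
    """Constructed Ethernet/IPv4 frame with zeroed MACs and checksums (test data only)."""
    eth = b"\x00" * 12 + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return eth + ip + l4


def tcp_frame(src, sport, dst, dport, payload, flags=0x18):
    """Constructed TCP segment (PSH|ACK by default) carrying `payload`."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, flags, 8192, 0, 0)
    return ipv4_frame(src, dst, 6, tcp + payload)


def build_pcap(frames, ts0=1_700_000_000):
    """Serialize frames as a little-endian pcap file with link type 1 (Ethernet)."""
    out = bytearray(struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1))
    for n, frame in enumerate(frames):
        out += struct.pack("<IIII", ts0 + n, n * 1000, len(frame), len(frame))
        out += frame
    return bytes(out)


def iter_packets(pcap):
    """Yield (timestamp, frame_bytes) from pcap bytes, honouring the magic's byte order."""
    magic, = struct.unpack_from("<I", pcap, 0)
    if magic == PCAP_MAGIC:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"
    else:
        raise ValueError("not a pcap file")
    linktype = struct.unpack_from(endian + "HHiIII", pcap, 4)[5]
    if linktype != 1:
        raise ValueError("only Ethernet captures are handled here")
    off = 24
    while off + 16 <= len(pcap):
        ts_sec, ts_usec, incl_len, _ = struct.unpack_from(endian + "IIII", pcap, off)
        off += 16
        yield ts_sec + ts_usec / 1e6, pcap[off:off + incl_len]
        off += incl_len


def tcp_payload(frame):
    """Return ((src, sport), (dst, dport), flags, payload) or None for non-IPv4/TCP frames."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None
    ihl = (frame[14] & 0x0F) * 4
    total_len = struct.unpack_from("!H", frame, 16)[0]
    src = ".".join(map(str, frame[26:30]))
    dst = ".".join(map(str, frame[30:34]))
    t = 14 + ihl
    sport, dport = struct.unpack_from("!HH", frame, t)
    doff = (frame[t + 12] >> 4) * 4
    return (src, sport), (dst, dport), frame[t + 13], frame[t + doff:14 + total_len]


def split_connections(pcap):
    """Group TCP segments by connection; both directions share one key (sorted endpoints)."""
    flows = OrderedDict()
    for ts, frame in iter_packets(pcap):
        parsed = tcp_payload(frame)
        if parsed is None:
            continue  # UDP, ICMP, ARP... are not part of any TCP stream
        a, b, _flags, payload = parsed
        flows.setdefault(tuple(sorted([a, b])), []).append((ts, a, b, payload))
    return flows


def hexdump(data, width=16):
    """Hex-plus-ASCII block: offset, hex bytes, printable chars (others shown as '.')."""
    lines = []
    for i in range(0, len(data), width):
        chunk = data[i:i + width]
        hexpart = " ".join(f"{b:02x}" for b in chunk).ljust(width * 3 - 1)
        asc = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        lines.append(f"{i:08x}  {hexpart}  {asc}")
    return "\n".join(lines)


def save_flows(flows, outdir):
    """Write each connection's payload (both directions, capture order) to its own file."""
    written = []
    for (a, b), pkts in flows.items():
        path = os.path.join(outdir, f"{a[0]}_{a[1]}-{b[0]}_{b[1]}.dat")
        with open(path, "wb") as fh:
            for _, _, _, payload in pkts:
                fh.write(payload)
        written.append(path)
    return written


# Constructed sample capture: one HTTP exchange, one SSH banner, one UDP datagram.
SAMPLE_PCAP = build_pcap([
    tcp_frame("10.0.0.5", 40001, "192.0.2.10", 80, b"GET / HTTP/1.1\r\nHost: news.example\r\n\r\n"),
    tcp_frame("192.0.2.10", 80, "10.0.0.5", 40001, b"HTTP/1.1 200 OK\r\nContent-Length: 5\r\n\r\nhello"),
    tcp_frame("10.0.0.5", 40002, "10.0.0.9", 22, b"SSH-2.0-OpenSSH\r\n"),
    ipv4_frame("10.0.0.5", "10.0.0.1", 17, struct.pack("!HHHH", 5353, 53, 12, 0) + b"ping"),
])

if __name__ == "__main__":
    flows = split_connections(SAMPLE_PCAP)
    for (a, b), pkts in flows.items():
        print(f"# connection {a[0]}:{a[1]} <-> {b[0]}:{b[1]}")
        for ts, src, dst, payload in pkts:
            print(f"{ts:.6f} {src[0]}:{src[1]} > {dst[0]}:{dst[1]} ({len(payload)} bytes)")
            print(hexdump(payload))
    print("saved:", save_flows(flows, tempfile.mkdtemp()))
```

Running it prints two connections (the UDP datagram is skipped) and the path of one .dat file per connection. Point `iter_packets` at the bytes of a real `tcpdump -w` file to analyse a capture instead of the constructed one; only IPv4 over Ethernet is handled, so VLAN-tagged, IPv6 or raw-IP captures would need extra parsing.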
I acknowledge that I don’t know much about networking, but I know a useful and effective program when I see it. It may be that tcpick’s true strengths are invisible to me, but what I can see is very encouraging.