As a sysadmin, I find it's great for problem localization. Usually an application has a pile of services behind it. Where is it going wrong? Appserver? Backend database? Name resolution? Network contention? Misrouted? Blocked by a firewall?
You can cut away huge swaths of troubleshooting areas just by watching what is on the wire. There are problems you just won't find without knowing how to use a sniffer. I once had a core router dropping packets because of a flawed ACL implementation (it would treat fragmented packets as if they had port numbers at the matching payload offset).
Knowing how to use a packet sniffer makes hard problems so easy it feels like cheating.
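The fragment mismatch described in the comment above, reproduced offline as an added example (not part of the original comment and not the router's actual code). The packets are constructed, the function names are hypothetical, and the flawed matcher is an assumption modelled only on the comment's one-sentence description.

```python
import struct

def ipv4_packet(proto, frag_offset, more_fragments, payload):
    """Build a 20-byte IPv4 header (checksum left at 0) followed by payload."""
    flags_frag = (0x2000 if more_fragments else 0) | (frag_offset // 8)
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234,
                         flags_frag, 64, proto, 0,
                         bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return header + payload

def parse_ipv4(pkt):
    """Return (protocol, fragment offset in bytes, IP payload)."""
    ihl = (pkt[0] & 0x0F) * 4
    flags_frag = struct.unpack("!H", pkt[6:8])[0]
    return pkt[9], (flags_frag & 0x1FFF) * 8, pkt[ihl:]

def flawed_dst_port(pkt):
    """Modelled flaw: bytes 2-3 of every fragment's payload are read as a port."""
    _, _, payload = parse_ipv4(pkt)
    return struct.unpack("!H", payload[2:4])[0]

def correct_dst_port(pkt):
    """Only a TCP/UDP fragment at offset 0 carries ports; otherwise None."""
    proto, offset, payload = parse_ipv4(pkt)
    if proto not in (6, 17) or offset != 0 or len(payload) < 4:
        return None
    return struct.unpack("!H", payload[2:4])[0]

def fragments():
    """Constructed sample: one UDP datagram to port 53, split at byte 16."""
    data = b"A" * 8 + b"\x00\x00\x00\x17" + b"B" * 12   # 0x0017 == 23
    udp = struct.pack("!HHHH", 40000, 53, 8 + len(data), 0) + data
    return [ipv4_packet(17, 0, True, udp[:16]),
            ipv4_packet(17, 16, False, udp[16:])]

def dropped(port_reader, blocked_port=23):
    """Per-fragment verdict of a 'deny dst port 23' rule using port_reader."""
    return [port_reader(f) == blocked_port for f in fragments()]

if __name__ == "__main__":
    print("flawed :", dropped(flawed_dst_port))    # second fragment dropped
    print("correct:", dropped(correct_dst_port))   # nothing dropped
```

On the wire this shows up as a first fragment that arrives while a later fragment with the same IP ID never does, so the datagram cannot be reassembled even though its real destination port is permitted.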
Exactly the points I was coming to make. People I work with think I am some sort of addict when my default answer when someone asks me about a problem is to fire up a packet capture. Between tcpdump, nc, and Burp Suite, seems like few network gremlins can hide.