I used tcpflow extensively about 17 jobs ago. I had a Linux box on a hub segment with Windows servers running a .NET application, used for realtime capture and monitoring application traffic in a test environment. I had an independent implementation of the framing protocol and message format written in Ruby, and if my decoder choked, then it was either my problem or their problem. Early on, it was always my problem, but after about 6 weeks, it was their problem 70% of the time. Great way to uncover subtle bugs, at the upfront cost of a 2nd independent implementation.