tcpdump is the kind of tool I'm glad is in my toolbox, but I hate when I have to get it out. Not because it's hard to use, and this article / Julia does a great a job at explaining the basics, but every time I've had to use it in the past was because something was really wrong and none of the partner teams I've had to work with either knew how to troubleshoot or had the tools to do it. If you run any kind of network connected infra, it's worth the investment in learning how tcpdump and Wireshark work.
I've realised this recently reading various stories about what seem like amazing debug stories but boiled down to understanding how to use tcpdump or wireshark or some other profiling/logging tool but they are amazing because most devs simply don't know how to use them (or even if to use them).
This is probably part of the reason why Google is super fast and most software is super slow.
Same for IT teams. I should be able to assume that any answer to a network question includes the relevant info from the wireshark trace not just, "I can't see anything wrong with it"!
It's not even that the best debug stories boil down to understanding and using tcpdump, but there's a real, giant divide between people who know how to troubleshoot and those who don't. Slinging code is relatively easy if you know the language, but odds are your app talks to a database, or makes a web call, or uses memory, and knowing how you interact at that layer is the difference between good and bad experiences, and uptime or not when things fail. I'm no electrician, but I know how to check my circuit box when something in my house won't power on, and then how to swap power cables, etc.
