Microsoft Network Monitor 3.0

Microsoft has quietly released a new network protocol analyzer and it looks like a winner.  First off, we officially have support for Windows XP, something we never had before.  All the post-XP operating systems are also supported.  There are both 32- and 64-bit versions.  Most of the parsing modules are developed using a scripting language; creating your own parsing modules doesn't look too difficult.  The source code for all the Microsoft-supplied scripts is installed with the tool.  If your parsing needs exceed the scripting language's capabilities, you can fall back to C/C++.  The core traffic display windows are a clone of Wireshark (aka Ethereal).  The UI is very Microsoft and easy to use.  For filtering, instead of picking the left side of the expression from a list, you type the expression into a window with IntelliSense.  Unfortunately, the documentation is somewhat lacking, but how to write scripts and filters is well covered.

You can download it at http://www.microsoft.com/downloads/details.aspx?FamilyID=aa8be06d-4a6a-4b69-b861-2043b665cb53&DisplayLang=en.  Wireshark is available at http://www.wireshark.org/.

Posted Thursday, March 29, 2007 6:26 AM
