This summer, I've been using SSLDump and WinDump to do traffic analysis on some production web services. These tools work pretty well; essentially we capture data on a server using WinDump and then do post processing using a modified version of SSLDump and a Python script to do the actualy analysis on the data.  What we're trying to find out is where time is being spent in a transaction; for instance, if the network pipe to the customer is slow, or if the mainframe behind the web service is slow.  We can tell if the SSL handshake is taking a long time.  Often, it's useful just to see the raw data if we're not sure where something's gone awry.  Anyway, we've been looking at a way to access the WinPCap libraries from .NET and came across a few options on CodeProject.com:

• PktCap - I haven't looked too much at this one.  There's no source for the PCap interop library, and the author seems to have abandoned work on it.
• DotNetWinPCap - Seems to work, but with a big minus: no source code.  He appears to have written a wrapper around wpcap.dll.
• Pacanal - This seems like the best option.  This is a lone author who aims to write a .NET version of ethereal.  Maybe I'm just in awe of what Fýrat Koçak has done: he's essentially rewritten wpcap.dll and packetx.dll, reusing the kernel driver from WinPCap and writing to the low level I/O routines.  It's a pretty impressive app, a sniffer that can do TCP, UDP and HTTP decoding, along with a few other protocols, save to WinPCap format, etc. 

None of these fully replace WinPCap, which isn't the point.  Pacanal seems like a great option if you need to get access to network sniffing functionality from .NET.