I use Wireshark and Microsoft Network Monitor extensively, but I'm curious if there are other good (hopefully free / open source) software packages for analyzing TCP/IP traffic?
I'm especially interested in forensic uses and analysis of network issues.
I think Wireshark is pretty much the open/free standard. Is there something you're looking for that it doesn't do?
Basically this boils down to a question: what OSI level are you interested in? If you want to know exactly what was transmitted, you cannot avoid Wireshark, tcpdump or the like. But if you are interested in learning the patterns that appear in your network, you have to analyze netflows; packet capture is simply overkill.
And for netflows there are many tools:
http://nsmwiki.org/index.php?title=Argus
http://www.networkuptime.com/tools/netflow/
http://www.mindrot.org/projects/
http://code.google.com/p/flow-tools/
http://www.ntop.org/nProbe.html
Ditto on Wireshark. If you're looking for a command line tool, you might consider running the raw network trace through tcpdump. Although Wireshark has better protocol dissectors, tcpdump combined with some command line magic can be useful in certain situations.
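
An added example, not part of any reply in this thread: the packet-versus-flow distinction and the "tcpdump plus command line" idea above, shown by collapsing `tcpdump -nn -tt` style text lines into per-5-tuple flow summaries. The sample lines are constructed, and the function name `flows_from_tcpdump` and the line pattern (IPv4 TCP/UDP lines that end in `length N`) are assumptions of this sketch.

```python
import re
from collections import defaultdict

# Constructed sample in the style of `tcpdump -nn -tt` text output (IPv4 only).
SAMPLE = """\
1700000000.000000 IP 10.0.0.5.51514 > 192.0.2.10.80: Flags [S], seq 100, win 64240, length 0
1700000000.020000 IP 192.0.2.10.80 > 10.0.0.5.51514: Flags [S.], seq 900, ack 101, win 65160, length 0
1700000000.021000 IP 10.0.0.5.51514 > 192.0.2.10.80: Flags [P.], seq 101:301, ack 901, win 502, length 200
1700000000.060000 IP 192.0.2.10.80 > 10.0.0.5.51514: Flags [P.], seq 901:2349, ack 301, win 509, length 1448
1700000001.500000 IP 10.0.0.5.40000 > 198.51.100.7.9999: UDP, length 64
1700000002.500000 IP 10.0.0.5.40000 > 198.51.100.7.9999: UDP, length 64
this line is not a packet and is skipped
"""

# Assumed line shape: "<ts> IP <src>.<sport> > <dst>.<dport>: <details> length <n>"
LINE = re.compile(
    r"^(?P<ts>\d+\.\d+) IP (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): (?P<rest>.*?)length (?P<len>\d+)"
)

def flows_from_tcpdump(text):
    """Aggregate packet lines into unidirectional flow records keyed by 5-tuple."""
    flows = defaultdict(lambda: {"packets": 0, "payload_bytes": 0,
                                 "first": None, "last": None})
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # anything that does not fit the assumed shape is ignored
        if m["rest"].startswith("Flags"):
            proto = "tcp"
        elif m["rest"].startswith("UDP"):
            proto = "udp"
        else:
            continue
        key = (proto, m["src"], int(m["sport"]), m["dst"], int(m["dport"]))
        flow, ts = flows[key], float(m["ts"])
        flow["packets"] += 1
        flow["payload_bytes"] += int(m["len"])  # tcpdump "length" is payload, not frame size
        flow["first"] = ts if flow["first"] is None else flow["first"]
        flow["last"] = ts
    return dict(flows)

if __name__ == "__main__":
    for key, f in sorted(flows_from_tcpdump(SAMPLE).items()):
        duration = round(f["last"] - f["first"], 3)
        print(key, f["packets"], "pkts", f["payload_bytes"], "bytes", duration, "s")
```

Six packet lines reduce to three flow records, which is the level of detail a flow collector keeps: who talked to whom, for how long, and how much, without the payload.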