I've recently started looking at pcap, the packet capturing library for Unix/Windows, and thinking of writing something to use it.
I've written clients + servers before, and I've designed protocols which assume insecure networks - but I've never actually written any kind of sniffing tool and I can't help thinking it would be interesting.
I'm a little lost now, I was thinking of writing something like ngrep; a grep-like tool which could search through current network traffic. (I'm not really interested in sniffing passwords, etc, it's of limitted real life non-blackhat use).
So if anybody has any interesting ideas of network capture/sniffing tools they'd like written drop me a line...
I guess I should mention that I've heard of 'snort' already - and I use netcat on an almost daily basis..