IMHO, this is a long time coming for Windows. I love this thing. You probably already know about it, but I haven't read much about it anywhere and it's been very useful to me. It's a version of tcpdump for Windows that doesn't require I install the WinPcap drivers. I use it along with PsExec to start remote sniffing probes on Windows workstations. I'm sure it's NOT forensically sound to do this on a box that may contain evidence because of the swap file, but for information gathering something like this is very useful.
So with this..
http://www.microolap.com/downloads/tcpdump/tcpdump.zip
Something like this
\mytools\psexec.exe \\remotecomputer -c \mytools\tcpdump.exe -i 1 -s0 -w \\remotefileserver\share\capturename.cap
Lets me turn every node on my network into a remote Snort probe, or just capture anomalies!
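An added example, not part of the original post: a quick sanity check for a capture file collected this way before it is fed to Snort or another tool. It assumes the .cap file is in the classic libpcap format that tcpdump's -w option writes; the function names and the sample bytes are constructed for illustration. It reports the snap length recorded in the file, counts packets that were cut short (which -s0 is meant to prevent), and flags a file whose last record is incomplete, as can happen when the remote process is stopped mid-write.

```python
import struct

# Classic pcap magic numbers (microsecond and nanosecond variants), keyed by byte order.
MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\x4d\x3c\xb2\xa1": "<",
          b"\xa1\xb2\xc3\xd4": ">", b"\xa1\xb2\x3c\x4d": ">"}

def summarize_pcap(data: bytes) -> dict:
    """Walk a classic libpcap file and report snaplen, packet count and truncation."""
    if len(data) < 24 or data[:4] not in MAGICS:
        raise ValueError("not a classic pcap file")
    endian = MAGICS[data[:4]]
    # Global header: version major/minor, timezone, sigfigs, snaplen, link type.
    vmaj, vmin, _tz, _sig, snaplen, linktype = struct.unpack(endian + "HHiIII", data[4:24])
    packets = truncated = 0
    complete = True
    off = 24
    while off < len(data):
        if off + 16 > len(data):          # partial record header at end of file
            complete = False
            break
        _sec, _frac, incl_len, orig_len = struct.unpack(endian + "IIII", data[off:off + 16])
        if off + 16 + incl_len > len(data):  # record body cut off
            complete = False
            break
        packets += 1
        if incl_len < orig_len:           # packet was longer on the wire than what was saved
            truncated += 1
        off += 16 + incl_len
    return {"version": (vmaj, vmin), "snaplen": snaplen, "linktype": linktype,
            "packets": packets, "truncated": truncated, "complete": complete}

def make_record(payload: bytes, orig_len: int) -> bytes:
    """Build one pcap record (constructed test data, timestamps zeroed)."""
    return struct.pack("<IIII", 0, 0, len(payload), orig_len) + payload

# Constructed sample: Ethernet link type, one full packet and one truncated packet.
SAMPLE = (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 262144, 1)
          + make_record(b"\x00" * 60, 60)
          + make_record(b"\x00" * 64, 1514))

if __name__ == "__main__":
    print(summarize_pcap(SAMPLE))
```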