You can spend large amounts of money on tools for working with network captures. Or you can spend zero money and learn to capture and manipulate PCAP data from the command line. Take equal parts tcpdump and Wireshark's command-line cousin, tshark. Add a dash of some other, lesser-known tools. Blend this with a large dollop of Linux shell primitives. It's a powerful concoction for analyzing network data. You'll be drunk with power, producing new insights more quickly than you ever thought possible.