So I'm almost ready to release a tool that reads/parses ASCII tcpdump logs and animates a visualization of the structure of the packets in the file, in sequence. You can find a video of it here:
http://www.flickr.com/photos/sintixerr/4094209162/
(Try it HD, full screen)
The packets are laid out left to right, from byte 0 to byte 1500ish. The Y axis is based on the value seen in a given position in the packet (0-255). Colors are based on a combination of "value in position difference from average" and "first byte of the source IP". (Although this will eventually be somewhat customizable... it's just what I have in there now.) The app then displays the packets over time, using a window of 1-N packets at a time (depending on the dataset, different window sizes help you see patterns you wouldn't otherwise). The further back in the window a packet is, the more transparent/faded it is; this helps distinguish newer packets from older ones and makes the animation of patterns smoother. The app lets you stop the animation at a given point, change how many packets are shown on the fly (so, if you want to see 1 at a time, you can), and step manually through the packets (backward or forward). At some point, I hope to be able to show what value/position combination each of the dots represents if you hover over them.
For me, I use this to get an idea of the boundaries of protocols I don't know, look for "unusual" packets, and look for correlations I wasn't previously aware of between values.
(In this set, the far left will be the TCP/IP headers, but the bulk to the right of that is payload... you can tell most of the payload is human-readable... the values fall into ASCII ranges more than anything else.)
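To make the layout concrete, here is an added example (my own code, not the tool from the post) that turns a tcpdump hex dump into the same kind of points described above: x is the byte offset, y is the byte value, the colour combines deviation from the per-position average with the first byte of the source IP, and older packets in the window get a lower alpha. It assumes the log is `tcpdump -x` output (IP header first, no link-layer header); the three packets, the exact RGB mix in `point_color`, and the function names are all constructed for this example. It also computes where the IP/TCP headers end and how much of the payload is printable ASCII, which is the "human-readable" observation made explicit.

```python
import re

# Constructed sample input (not from the original post): three IPv4/TCP packets in the
# hex-dump layout that `tcpdump -x` prints. Treating the log as `-x` output (IP header
# first, no link-layer header) is an assumption; the post only says "ASCII tcpdump logs".
SAMPLE_LOG = """\
12:00:00.000001 IP 10.0.0.5.40000 > 10.0.0.9.80: Flags [P.], length 4
\t0x0000:  4500 002c 0001 0000 4006 0000 0a00 0005
\t0x0010:  0a00 0009 9c40 0050 0000 0001 0000 0000
\t0x0020:  5018 2000 0000 0000 4745 5420
12:00:00.000002 IP 192.168.1.7.40001 > 10.0.0.9.80: Flags [P.], length 4
\t0x0000:  4500 002c 0002 0000 4006 0000 c0a8 0107
\t0x0010:  0a00 0009 9c41 0050 0000 0001 0000 0000
\t0x0020:  5018 2000 0000 0000 504f 5354
12:00:00.000003 IP 10.0.0.5.40002 > 10.0.0.9.80: Flags [P.], length 4
\t0x0000:  4500 002c 0003 0000 4006 0000 0a00 0005
\t0x0010:  0a00 0009 9c42 0050 0000 0002 0000 0000
\t0x0020:  5018 2000 0000 0000 0102 fffe
"""

# An indented "0xNNNN:" line carries hex bytes; an unindented summary line starts a new packet.
HEX_LINE = re.compile(r"^\s+0x[0-9a-fA-F]{4}:\s+([0-9a-fA-F ]+?)\s*$")


def parse_hexdump(text):
    """Group the hex-dump lines of a tcpdump -x log into one bytes object per packet."""
    packets, current = [], bytearray()
    for line in text.splitlines():
        m = HEX_LINE.match(line)
        if m:
            current.extend(bytes.fromhex(m.group(1)))  # fromhex ignores the spaces
        elif line.strip():
            if current:
                packets.append(bytes(current))
            current = bytearray()
    if current:
        packets.append(bytes(current))
    return packets


def position_averages(packets):
    """Average byte value at each offset, over the packets long enough to have that offset."""
    longest = max(len(p) for p in packets)
    averages = []
    for pos in range(longest):
        values = [p[pos] for p in packets if pos < len(p)]
        averages.append(sum(values) / len(values))
    return averages


def header_length(pkt):
    """Offset where the payload starts: IPv4 header (IHL) plus TCP header (data offset)."""
    ihl = (pkt[0] & 0x0F) * 4
    if pkt[9] != 6 or len(pkt) < ihl + 20:  # protocol field 6 is TCP
        return ihl
    return ihl + (pkt[ihl + 12] >> 4) * 4


def printable_fraction(pkt):
    """Share of payload bytes in the printable ASCII range 0x20-0x7e."""
    payload = pkt[header_length(pkt):]
    if not payload:
        return 0.0
    return sum(0x20 <= b <= 0x7E for b in payload) / len(payload)


def point_color(value, average, src_first_byte):
    """Constructed RGB mapping: deviation from the per-position average in the green
    channel, first byte of the source IP in red/blue. The inputs are the post's; the mix is ours."""
    deviation = min(255, int(abs(value - average) * 2))
    return (src_first_byte, deviation, 255 - src_first_byte)


def render_window(packets, averages, index, window):
    """Points for the frame ending at packet `index`, covering the last `window` packets.
    The further back a packet is in the window, the lower its alpha (it fades out)."""
    points = []
    oldest = max(0, index - window + 1)
    for age, i in enumerate(range(index, oldest - 1, -1)):
        pkt = packets[i]
        alpha = 1.0 - age / window
        src_first = pkt[12]  # first byte of the IPv4 source address
        for pos, value in enumerate(pkt):
            points.append({
                "packet": i, "x": pos, "y": value, "alpha": alpha,
                "color": point_color(value, averages[pos], src_first),
            })
    return points


if __name__ == "__main__":
    pkts = parse_hexdump(SAMPLE_LOG)
    avgs = position_averages(pkts)
    for i, p in enumerate(pkts):
        print(f"packet {i}: {len(p)} bytes, headers end at {header_length(p)}, "
              f"printable payload {printable_fraction(p):.0%}")
    frame = render_window(pkts, avgs, index=2, window=2)
    print(f"frame 2 with window 2: {len(frame)} points")
```

The header boundary is derived from the IHL and TCP data-offset fields rather than hard-coded at 40, so packets with IP or TCP options still split correctly; that boundary is what the "far left is headers, the rest is payload" reading relies on.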
http://sintixerr.wordpress.com