In the world of windows there is no standard tool to see what's going on the network level.
I have been working quite a while with web services and encryption and signing, so it's vital to me to see what's going on when a web service is being called.
The way I was doing it until recently was to use TCP proxies. TCP proxies open a TCP port and forward to some other host:port. In the process of doing so it dumps every connection on the screen or in a file.
For example if I want to listen what's going on a local (for the machine I'm working on) port 8080 the following had to be done: the software working on 8080 (a web service) is moved for example to 18080, then the proxy is opened at 8080 which forwards everything to localhost:18080.
There is one minor drawback to the whole story - the clients have to be supplied with a port that is not the port where the service resides. So if the proxy is missing - the service is invisible.
I've used mostly tcpmon and wsmonitor. wsmonitor sucks a lot. tcpmon works, but cannot handle moderately heavy traffic and has a lot of quirks that are very annoying. Anyway until recently it was my primary way of doing things.
Reading direcly from the TCP/IP Stack
There has always been software that can plug something in the TCP/IP stack of the windows machine and thus sniff the traffic. The bad side is that the machine has to be tampered with some third-party software. And some machines cannot (should not) be tampered like that.
A third way
There seems to be a software that can sniff the traffic without plugging nasty stuff in the TCP/IP stack. On such example is SmartSniff. It has what they call a "Raw Sockets" way of sniffing and so far it's working great.