Wireshark and Firewall Rules
One of the infrastructure folks where I work showed me a nifty feature in Wireshark I'd never noticed before. Click on any captured packet, and go to Analyze, Firewall ACL Rules. A dialog box will pop up showing you the syntax to write a rule denying or accepting the packet by IP, MAC, port or combination thereof depending on what device you choose. Supported is Cisco IOS, iptables, ipfirewall, Windows firewall, and pf (BSD's Packet Filter firewall). Very nice.