OldScotty has a popular question on today's GOTD page [#27], but unfortunately I was too late to get this posted, so in case it helps anyone at all...
-----
#27: "... It would certainly help if someone who is heavily dependent on networks would give an unbiased opinion..."
IMHO #48, CompNetTeach, had a decent way of putting it. Maybe the easiest way I can come up with to get a handle on it is to start with winpcap.org , reading the 1st couple of paragraphs under the Introduction heading. In a nutshell, data's passed around the network [& Internet], transmitted/received in small packets, & the WinPcap that NetWalk uses captures each one of those. Next, from the WireShark [wireshark.org] docs: "Wireshark is a network packet analyzer. A network packet analyzer will try to capture network packets and tries to display that packet data as detailed as possible. You could think of a network packet analyzer as a measuring device used to examine what's going on inside a network cable, just like a voltmeter is used by an electrician to examine what's going on inside an electric cable (but at a higher level, of course)."
So you have WinPcap capturing the packets, WireShark analyzing them, & NetWalk providing a way for you to see & interact with that data. Just like it's useful for air traffic controllers & the railroad equivalent to see All traffic, NetWalk is more useful when it can give you the big picture -- the NetWalk site has info on how to do that. Many people on a single machine will find simpler, easier tools just as useful that can sound the alarm if something maybe bad is going on... there is such a thing as getting lost in the midst of too much data... I think many people would much rather have an anti malware app tell them something's suspicious for example, so they can start investigating, instead of spending time doing research to figure out if NetWalk's telling them they have a problem.