It depends on what the data is, that you sniff. You can read the ascii text in packets, so if you happen to be sniffing, for example, traffic going to an html login page that isn't ssl encrypted, you might see plaintext passwords, and the like. You might also see, as Ketchup noted, a relevant filename, xss vulnerabilities, or exploitable php script being accessed, etc. Consequently, you might see other ports and services show up in the trace, that you weren't aware of, that are open on the server being queried, so you can then banner grab or research and target attacks that are relevant to the services running on those ports. This is all a learning process, and there are often times, when I'm scanning in this fashion, that I spot new services and ports that I wasn't previously aware of (new stuff, yay!) and I can learn what those services are, and how to exploit them.
It's a process, but one worth learning, as, even if you DON'T pursue security, in the end, you will have a much better knowledge of what goes on within the network in question.
~ hayabusa ~
"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'
OSCE, OSCP , GPEN, C|EH