What kind of information can my University gather regarding my internet use on the University’s network?

7

I attend a large University and use their network for just about everything. Although I realize security measures probably differ from campus to campus, on a typical University-wide network, how secure is the information I send and receive on the University's network? Is it safe to shop on-line using the wireless? (Note: I do need a username and password to log in to the network.)

Secondly, how am I tracked? My surfing behavior? My bandwidth use? I have friends who have received e-mails asking them to stop file-sharing. What rights does the University have to access the information about my personal internet use, and to what extent can they track my behavior? What is the standard technology behind this security and tracking, and what are best-practices standards that I can expect and/or trust?

curious

Posted 2010-01-22T05:10:04.820

Reputation: 321

Answers

5

They can track when you're on the network, and every place you connect to from that network. They can also track what sort of connections you are making, for example whether it is web browsing, internet radio streaming, games, BitTorrent, etc.

For unencrypted traffic - for example normal web browsing, where the address begins with "http" - they can also track the contents of that traffic. That means they can read everything you send or get from the net. They may not be allowed to do this sort of deep tracking, though, but it certainly is possible. As a side note, on a wireless network pretty much anyone else on the same network can do this too, without being detected... there's something to think about. :)

For encrypted traffic - for example web banking, or shopping where the address begins with "https" - they can still track where you are connecting to, for how long, and what sort of traffic it is. But they can't ever read the contents, even if they would be allowed to. There's just no way to do it.

As for their rights to track, that's a mess I don't want to step into. (*) However, from a technical standpoint, it is quite reasonable to limit heavy traffic uses, such as file-sharing, high-quality TV streaming, and such, so the network that is meant for everyone doesn't get overburdened because of a few users hoarding the bandwidth.

(*) Sorry, in fact I do want to step into it. If you ask me, the university has no right whatsoever to sniff what people are doing, other than for maintenance purposes. The one exception is when they have a reason to suspect someone of serious crime. Alas, not everyone agrees with me, though, most notably the law and practices in many countries...

Ilari Kajaste

Posted 2010-01-22T05:10:04.820

Reputation: 3 282

Thanks Ilari. As I understand, it is not illegal in the US for the network owner to monitor my behavior on their network, is that correct? Does that even extend to my e-mail on the network account? – curious – 2010-01-23T01:12:13.713

Unfortunately I'm not sure about the exact law in the US. Maybe someone local can help with that? An internet rights organization like EFF is a good place to start looking for further information, in case you don't get any info from here. – Ilari Kajaste – 2010-01-23T21:11:42.067

7

In general, they have control over what you do on their network. They are most definitely using some enterprise equipment, probably Cisco PIX firewalls, which have capabilities to perform deep packet inspection. Using this they can see what type of data you are sending on the network.

If you plan on doing any online transactions, ensure the website has negotiated an HTTPS connection. If you are logging into websites that do everything over HTTP, other WiFi users can decrypt your data and see things sent in plain text.

John T

Posted 2010-01-22T05:10:04.820

Reputation: 149 037

2

John T's answer is correct; if the University wants, they can read & catalog any unencrypted packet you transmit or receive across their network, regardless of whether you're using wired or wireless. (And even encrypted packets can be read and stored; they just won't be legible without the key.) Your plaintext communications are also vulnerable to snooping from someone unscrupulous who has access to the Uni's network equipment.

The main security issue with unencrypted wireless is that, unlike wired connections, your packets can be read by another user within physical range of your wireless card -- not just the Uni or someone with access to their equipment. Here again, encrypted transactions are better protected -- where HTTP requests can be read immediately, HTTPS is much safer. If you're going to shop, make sure you're shopping on sites that use SSL.

quack quixote

Posted 2010-01-22T05:10:04.820

Reputation: 37 382