Packet Capture

What is Packet Capture and how is it used?

Packet capture is a networking term for intercepting a data packet as it crosses a specific point in a data network. Once a packet is captured in real time, it is stored for a period so that it can be analyzed, and then either archived or discarded. Packets are captured and examined to help diagnose and solve network and security problems such as:

  • Identifying security threats
  • Troubleshooting undesirable network behaviors
  • Identifying network congestion
  • Identifying data/packet loss
  • Forensic network analysis

Packet capture can be performed in-line, with the capture device sitting in the traffic path, or out of band, using a copy of the traffic that network switching devices send to a packet capture device.

Entire packets or only specific portions of a packet can be captured. A full packet consists of two parts: a header and a payload. The payload is the actual content being carried, while the header contains metadata, including the packet's source and destination addresses.
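As an added example (not code from the original page), the following Python splits a captured IPv4 packet into its header metadata and its payload, checks the header checksum, and refuses a truncated capture rather than treating it as a full packet. The sample bytes are constructed for illustration and do not come from a real capture.

```python
import struct
from ipaddress import IPv4Address

# Constructed sample: one IPv4/UDP packet as a capture tool hands it over once
# the Ethernet frame is stripped. All values are made up for illustration.
SAMPLE_PACKET = bytes.fromhex(
    "4500001d"          # version 4, header length 20, total length 29
    "1c460000"          # identification, flags / fragment offset
    "4011dc71"          # TTL 64, protocol 17 (UDP), header checksum
    "c0a80001"          # source      192.168.0.1
    "c0a800c7"          # destination 192.168.0.199
    "04d2162e00090000"  # UDP header: ports 1234 -> 5678, length 9
    "41"                # one byte of application payload
)

def ipv4_checksum(header: bytes) -> int:
    """Ones'-complement sum of 16-bit words, as the IPv4 header uses."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_ipv4(packet: bytes) -> dict:
    """Split a captured IPv4 packet into header metadata and payload.

    Raises ValueError when the capture holds fewer bytes than the header
    claims, so a partial capture is never mistaken for a full packet."""
    if len(packet) < 20:
        raise ValueError("capture shorter than the minimum IPv4 header")
    (ver_ihl, _tos, total_len, _ident, _frag, ttl, proto,
     csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or ihl > total_len:
        raise ValueError("not a well-formed IPv4 header")
    if len(packet) < total_len:
        raise ValueError(f"truncated: {len(packet)} of {total_len} bytes")
    header = packet[:ihl]
    # Recompute over the header with the checksum field zeroed; a mismatch
    # points to corruption or to a capture taken before checksum offload ran.
    zeroed = header[:10] + b"\x00\x00" + header[12:]
    return {
        "src": str(IPv4Address(src)),
        "dst": str(IPv4Address(dst)),
        "protocol": proto,
        "ttl": ttl,
        "checksum_ok": ipv4_checksum(zeroed) == csum,
        "payload": packet[ihl:total_len],
    }
```

Feeding only the first 24 bytes of the sample models a capture that kept just part of the packet; the parser rejects it instead of reporting a short payload.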

Analyzing packet capture data typically requires significant technical skill and is often performed with tools such as Wireshark.