Network Packet Capture & Analysis
Packet capture is a networking term for intercepting a data packet as it crosses a specific point in a data network. Once a packet is captured in real time, it is stored for a period of time so that it can be analyzed, and is then either downloaded, archived or discarded. Packets are captured and examined to help diagnose and solve network problems. Typical uses include:
- Identifying security threats
- Troubleshooting undesirable network behaviors
- Identifying network congestion
- Identifying data/packet loss
- Forensic network analysis
Packet capture can be performed in-line or using a copy of the traffic that is sent by network switching devices to a packet capture device.
Full Packet Capture
Entire packets or specific portions of a packet can be captured. A full packet includes two things: a payload and a header. The payload is the actual contents of the packet, while the header contains metadata, including the packet's source and destination addresses.
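The following Python example is added here for illustration and is not part of the original page. It writes a constructed Ethernet/IPv4/TCP frame into the classic pcap file layout and parses it back, separating header metadata from payload and flagging records where only a portion of the packet was captured. The addresses, ports, snapshot lengths and function names are assumptions made for the example.

```python
import socket
import struct

def build_frame(src_ip, dst_ip, payload):
    """Constructed Ethernet/IPv4/TCP frame (sample data; checksums left at zero)."""
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 1, 0, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return bytes(12) + b"\x08\x00" + ip + tcp + payload  # zeroed MACs, EtherType IPv4

def build_pcap(frames, snaplen):
    """Classic little-endian pcap bytes; each frame is cut to snaplen as a capturer would."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)  # 1 = Ethernet
    for i, frame in enumerate(frames):
        kept = frame[:snaplen]
        out += struct.pack("<IIII", 1700000000 + i, 0, len(kept), len(frame)) + kept
    return out

def parse_pcap(data):
    """Per IPv4/TCP record: header addresses, captured payload, and whether it is complete."""
    if struct.unpack_from("<I", data, 0)[0] != 0xA1B2C3D4:
        raise ValueError("only little-endian, microsecond-resolution pcap is handled")
    records, off = [], 24                       # skip the 24-byte global header
    while off + 16 <= len(data):
        _, _, incl_len, orig_len = struct.unpack_from("<IIII", data, off)
        pkt = data[off + 16: off + 16 + incl_len]
        off += 16 + incl_len
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00" or pkt[23] != 6:
            continue                            # not IPv4/TCP or IPv4 header cut off
        tcp_off = 14 + (pkt[14] & 0x0F) * 4     # Ethernet header + IPv4 header length
        payload = b""
        if len(pkt) >= tcp_off + 13:            # TCP data-offset byte was captured
            payload = pkt[tcp_off + (pkt[tcp_off + 12] >> 4) * 4:]
        records.append({
            "src": socket.inet_ntoa(pkt[26:30]),
            "dst": socket.inet_ntoa(pkt[30:34]),
            "payload": payload,
            "full": incl_len == orig_len,       # False when snaplen truncated the packet
        })
    return records

if __name__ == "__main__":
    frame = build_frame("192.0.2.10", "198.51.100.5", b"GET / HTTP/1.1\r\n\r\n")
    for snaplen in (65535, 54):                 # full capture vs. headers only
        print(snaplen, parse_pcap(build_pcap([frame], snaplen)))
```

With a snapshot length of 54 bytes the source and destination addresses are still recoverable from the header, but the payload is gone, which is the difference between header-only and full packet capture when the data is later needed for forensic analysis.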
Packet Capture Analysis
Analysis of packet capture data typically requires significant technical skills and is often performed with tools such as Wireshark.