What Does Packet Capture Mean?
Packet capture is a computer networking term for intercepting a data packet that is crossing or moving over a specific computer network.
Once a packet is captured, it is stored temporarily so that it can be analyzed. The packet is inspected to help diagnose and solve network problems and determine whether network security policies are being followed.
Hackers can also use packet capturing techniques to steal data that is being transmitted over a network.
Techopedia Explains Packet Capture
Network managers analyze and manage overall network traffic and performance. To capture and examine the packets moving across a network in real time, several packet capture techniques are used.
One technique is filtering, in which filters are applied at the network nodes or devices where data is captured. Conditional statements determine which packets are kept. For example, a filter might capture only packets arriving via route ABC that carry the IP address W.X.Y.Z.
Instead of capturing only a filtered portion of the traffic, complete packets can also be captured. A full packet has two parts: a header and a payload. The payload is the actual content of the packet, while the header carries control information, including the packet’s source and destination addresses. The applications and uses of packet capture include the following:
- Security: Data capturing is used to identify security flaws and breaches by determining the point of intrusion.
- Identification of Data Leakage: Content analysis and monitoring helps to ascertain the leakage point and its sources.
- Troubleshooting: Packet capture lets administrators detect undesired events on a network and helps them resolve those events. If the network administrator has full access to a network resource, they can reach it remotely and troubleshoot any issues.
- Identifying Data/Packet Loss: When data is lost or stolen, the network administrator can use packet capture techniques to recover the lost or stolen information.
- Forensics: Whenever viruses, worms or other intrusions are detected on computers, the network administrator determines the extent of the problem. After an initial analysis, they may block some segments and network traffic in order to preserve historical information and network data.
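The filtering technique and the header/payload split described above can be made concrete with a small parser. The following is an added example, not code from Techopedia: it parses the fixed IPv4 header out of raw packet bytes (so the source and destination addresses in the header can be read, and the payload separated from it), validates the header checksum, and applies a conditional filter of the kind the text describes (keep only packets with a given source address, destination address or protocol). The sample packets are constructed inline from RFC 5737 documentation addresses and are not real captures; the function and field names are this example's own choices.

```python
import ipaddress
import struct
from dataclasses import dataclass
from typing import Iterable, List, Optional

IPV4_HEADER_FMT = "!BBHHHBBH4s4s"  # the 20-byte fixed IPv4 header, network byte order


@dataclass
class Packet:
    src: str
    dst: str
    protocol: int      # 6 = TCP, 17 = UDP
    ttl: int
    header: bytes      # the whole IPv4 header (including any options)
    payload: bytes     # everything after the header, up to Total Length


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum of 16-bit words, as RFC 791 specifies."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def verify_checksum(header: bytes) -> bool:
    # Summing a header that already contains its checksum folds to 0xFFFF, so ~sum is 0.
    return ipv4_checksum(header) == 0


def parse_ipv4(raw: bytes) -> Packet:
    """Split raw bytes into header fields and payload; reject truncated or non-IPv4 data."""
    if len(raw) < 20:
        raise ValueError("truncated: fewer than 20 bytes")
    (ver_ihl, _tos, total_length, _ident, _flags_frag,
     ttl, protocol, _checksum, src, dst) = struct.unpack(IPV4_HEADER_FMT, raw[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4:
        raise ValueError("not IPv4 (version %d)" % version)
    if ihl < 20 or ihl > len(raw):
        raise ValueError("header length field inconsistent with captured bytes")
    if total_length < ihl or total_length > len(raw):
        raise ValueError("Total Length inconsistent with captured bytes")
    return Packet(src=str(ipaddress.IPv4Address(src)),
                  dst=str(ipaddress.IPv4Address(dst)),
                  protocol=protocol, ttl=ttl,
                  header=raw[:ihl], payload=raw[ihl:total_length])


def build_ipv4(src: str, dst: str, protocol: int, payload: bytes, ttl: int = 64) -> bytes:
    """Build a constructed test packet: 20-byte header without options, correct checksum."""
    fields = [0x45, 0, 20 + len(payload), 0x0001, 0x4000, ttl, protocol, 0,
              ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed]
    fields[7] = ipv4_checksum(struct.pack(IPV4_HEADER_FMT, *fields))
    return struct.pack(IPV4_HEADER_FMT, *fields) + payload


def matches(pkt: Packet, src: Optional[str] = None, dst: Optional[str] = None,
            protocol: Optional[int] = None) -> bool:
    """Conditional filter: every condition that is supplied must hold (AND semantics)."""
    return ((src is None or pkt.src == src)
            and (dst is None or pkt.dst == dst)
            and (protocol is None or pkt.protocol == protocol))


def capture(raw_packets: Iterable[bytes], **conditions) -> List[Packet]:
    """Parse each raw packet and keep the ones the filter accepts."""
    kept = []
    for raw in raw_packets:
        try:
            pkt = parse_ipv4(raw)
        except ValueError:
            continue  # malformed or truncated data is skipped rather than crashing the capture
        if matches(pkt, **conditions):
            kept.append(pkt)
    return kept


# Constructed sample traffic (RFC 5737 documentation addresses), not real captures.
SAMPLE_PACKETS = [
    build_ipv4("192.0.2.1", "198.51.100.7", 17, b"hello"),
    build_ipv4("192.0.2.2", "198.51.100.7", 6, b"GET / HTTP/1.1\r\n"),
    build_ipv4("192.0.2.1", "203.0.113.9", 6, b""),
    b"\x45\x00\x00",  # truncated fragment of the kind a real capture can contain
]

if __name__ == "__main__":
    # Filter analogous to "packets having IP address W.X.Y.Z" in the text
    for pkt in capture(SAMPLE_PACKETS, src="192.0.2.1"):
        print(pkt.src, "->", pkt.dst, "proto", pkt.protocol, "payload", pkt.payload)
```

The filter runs after parsing, which is the simplest arrangement to read; capture tools normally apply the filter before the packet is copied to user space so that uninteresting traffic costs nothing, but the conditions they evaluate are the same header fields shown here.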