Overview

Packet capture (often called 'sniffing') provides the most granular level of network visibility. It records the actual bits and bytes of every packet, allowing for deep analysis of protocols and application behavior.

Methods

  • Network Tap: A physical device inserted inline on a network link that copies all traffic passing through it.
  • SPAN/Mirror Port: A feature on a switch that copies traffic from one or more ports to a monitoring port.
  • Software-based: Using tools like tcpdump or Wireshark on a specific host.
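
An added example, not part of the original page: a minimal reader for the classic pcap file format that tcpdump writes, showing what "the actual bits and bytes" of a captured packet look like to an analyst. The sample capture, MAC addresses, IP addresses and function names are constructed for illustration.

```python
import socket
import struct

def build_sample_pcap():
    # Constructed sample: one Ethernet/IPv4/TCP frame carrying an HTTP request line.
    payload = b"GET / HTTP/1.1\r\n"
    eth = bytes.fromhex("020000000002" "020000000001") + struct.pack("!H", 0x0800)
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 1, 0, 64, 6, 0,
                     socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.20"))
    frame = eth + ip + tcp + payload
    # Global header: magic, version 2.4, thiszone, sigfigs, snaplen, linktype 1 (Ethernet)
    global_hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    # Record header: ts_sec, ts_usec, captured length, original length on the wire
    record_hdr = struct.pack("<IIII", 1700000000, 0, len(frame), len(frame))
    return global_hdr + record_hdr + frame

def parse_pcap(data):
    """Return one dict per IPv4 packet found in a classic (microsecond) pcap byte string."""
    if len(data) < 24:
        raise ValueError("too short for a pcap global header")
    magic = struct.unpack_from("<I", data, 0)[0]
    end = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(magic)  # byte order of the writer
    if end is None:
        raise ValueError("not a classic pcap file")
    if struct.unpack_from(end + "I", data, 20)[0] != 1:
        raise ValueError("only Ethernet link type is handled here")
    packets, off = [], 24
    while off + 16 <= len(data):
        ts_sec, _, incl_len, orig_len = struct.unpack_from(end + "IIII", data, off)
        frame = data[off + 16: off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or struct.unpack_from("!H", frame, 12)[0] != 0x0800:
            continue  # frame cut short by snaplen, or not IPv4
        ihl = (frame[14] & 0x0F) * 4           # IPv4 header length in bytes
        rec = {"ts": ts_sec, "proto": frame[23],
               "src": socket.inet_ntoa(frame[26:30]),
               "dst": socket.inet_ntoa(frame[30:34]),
               "truncated": incl_len < orig_len}
        l4 = 14 + ihl                          # start of the transport header
        if rec["proto"] == 6 and len(frame) >= l4 + 20:
            rec["sport"], rec["dport"] = struct.unpack_from("!HH", frame, l4)
            tcp_len = (frame[l4 + 12] >> 4) * 4
            rec["payload"] = frame[l4 + tcp_len:]
        packets.append(rec)
    return packets
```

The "truncated" flag matters for forensic work: a capture taken with a small snap length keeps headers but silently drops payload bytes.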

Use Cases

  • Troubleshooting complex application issues.
  • Forensic analysis after a security breach.
  • Identifying the root cause of intermittent network problems.
