packet capture

April 3, 2017


Harnessing the Power of NetFlow and Packet Analysis

3 min read

NetFlow contains network traffic metadata (time, date, IP addresses, port numbers, etc.). Packet capture retains the packet payload, including user and application information. Together, they allow investigators to be more responsive to threat activity.

January 12, 2015


It’s Not The Network

2 min read

All too often we networkers spend our time defending the network not only from security threats but from blame as the root cause (actual or perceived) of performance problems. The network is guilty until proven innocent. So how do we counter these arguments, put the issue to rest, and uphold the integrity of the network? […]

April 30, 2013


Tools of the Trade: The Compressed Pcap Packet Indexing Program

15 min read

The Compressed Pcap Packet Indexing Program (cppip) is a tool to enable extremely fast extraction of packets from a compressed pcap file. This tool is intended for security and network folk who work with large pcap files. This article provides a complete discussion of the tool and is split into two parts.