packet capture
Harnessing the Power of NetFlow and Packet Analysis
Packet capture has long been used by network operators, but a variety of challenges have limited its effectiveness in security and threat detection. In large networks, packet capture can collect terabytes of packet data, and sifting through that data for evidence of an intrusion can take a long time…
It’s Not The Network
All too often we networkers spend our time defending the network not only from security threats but from blame as the root cause (actual or perceived) of performance problems. The network is guilty until proven innocent. So how do we counter these arguments, put the issue to rest, and uphold the int…
Tools of the Trade: The Compressed Pcap Packet Indexing Program
Prologue: The Compressed Pcap Packet Indexing Program (cppip) is a tool to enable extremely fast extraction of packets from a compressed pcap file. This tool is intended for security and network folk who work with large pcap files. This article provides a complete discussion of the tool and is split…