Packet Capture - Uses

Uses

The versatility of packet sniffers means they can be used to:

• Analyze network problems
• Detect network intrusion attempts
• Detect network misuse by internal and external users
• Documenting regulatory compliance through logging all perimeter and endpoint traffic
• Gain information for effecting a network intrusion
• Isolate exploited systems
• Monitor WAN bandwidth utilization
• Monitor network usage (including internal and external users and systems)
• Monitor data-in-motion
• Monitor WAN and endpoint security status
• Gather and report network statistics
• Filter suspect content from network traffic
• Serve as primary data source for day-to-day network monitoring and management
• Spy on other network users and collect sensitive information such as login details or users cookies (depending on any content encryption methods that may be in use)
• Reverse engineer proprietary protocols used over the network
• Debug client/server communications
• Debug network protocol implementations
• Verify adds, moves and changes
• Verify internal control system effectiveness (firewalls, access control, Web filter, Spam filter, proxy)

Packet capture can be used to fulfill a warrant from a law enforcement agency (LEA) to produce all network traffic generated by an individual. Internet service providers and VoIP providers in the United States of America must comply with CALEA (Communications Assistance for Law Enforcement Act) regulations. Using packet capture and storage, telecommunications carriers can provide the legally required secure and separate access to targeted network traffic and are able to use the same device for internal security purposes. Collection of data from a carrier system without a warrant is illegal due to laws about interception.