PCAP (packet capture)
Definition
A file format (and the process of creating it) that records every byte of every network packet passing a capture point, including headers and payload. Provides the most complete possible network evidence but generates large volumes of data and raises interception-law considerations in many jurisdictions.
Related terms
- DHCP lease log
- A record maintained by a Dynamic Host Configuration Protocol server that maps each IP address assignment to the requesting device's MAC address,...
- Intrusion Detection System (IDS)
- A network or host-based monitoring system that analyses traffic or system behaviour against a rule set (signature-based) or a statistical baseline (anomaly-based)...
- NetFlow
- A network protocol (originally Cisco, now standardised as IPFIX under RFC 7011) that records metadata about IP traffic flows: source and destination...
- RADIUS log
- An authentication, authorisation, and accounting record produced by a Remote Authentication Dial-In User Service server. Each entry records the username, authenticating device...
- Syslog
- A standardised protocol (RFC 5424) for transmitting log messages from network devices to a centralised log server. Routers, switches, firewalls, and servers...
Explained in
- Network Evidence Sources and Their Forensic ValueA file format (and the process of creating it) that records every byte of every network packet passing a capture point, including headers and payload. Provides...