Talk:Packet capture

WP:NOR
WP:NOR "Wikipedia does not publish original research or original thought. This includes unpublished facts, arguments, speculation, and ideas; and any unpublished analysis or synthesis of published material that serves to advance a position." This article must have links to credible references for all the claims that are made. I would be very happy to help you get this article up to Wikipedia standards. I will mark all the places the article needs a reference with a tag. Please read-up how to properly cite the article here:  WP:REF. Kgrr (talk) 19:41, 12 March 2008 (UTC)

WP:EL
WP:EL Concerning the external link to dPacket.org, Wikipedia is not a collection of links. The main page at dPacket.org does not contain any material that can be referenced in Wikipedia. Good sources for references are Journal articles, books, and published magazine articles. Since dPacket.org is not published, has no bylines and the articles are not dates, it falls under a blog. Blogs are not valid for references at Wikipedia. Again, I will help you get the article up and going, we just need to follow the guidelines. Kgrr (talk) 19:41, 12 March 2008 (UTC)

Removal of Deep Packet Capture Focused Companies section

 * Endace
 * Napatech
 * Niksun
 * Network General
 * NetScout
 * nPulse Networks
 * Solera networks

I have removed the Deep Packet Capture Focused Companies section because Wikipedia is specifically not a collection of links. The preferred way to link together the Deep Packet Capture focused companies and related Wikipedia pages is by using a category. So I have set up a category called "Deep Packet Capture" and placed that category in the bottom of all the notable DPC manufacturers with a Wikipedia page and this article. If the other companies are notable, then they should have their own Wikipedia pages built and have the category "Deep Packet Capture" added. The "notable" gets us around having to manage an ever growing or changing list of Deep Packet Capture manufacturers or related pages. Having a category controls the amount of maintenance you need.Kgrr (talk) 10:46, 13 March 2008 (UTC)

Short-term capture and analysis vs. historical capture and analysis
Why does this section talk about DPI and not DPC? Kgrr (talk) 11:15, 15 March 2008 (UTC)"
 * I answered my own question. It deals with the question "You have captured the data.  Now what do I do with it?"Kgrr (talk) 18:51, 15 March 2008 (UTC)

PROD
This article has been marked for deletion by 166.70.238.44

NO - Asolutely not.

Deep packet capture means capturing and storing entire streams of data coming into or going out of a server for either real time or later analysis. Think of a data tivo. Solera Networks is the leading hardware vendor of deep packet capture equipment that can do this in real time for a very large bandwidth pipe. An other vendors in the space is Network Instruments. Deep packet capture is used to capture packets at wireline speeds for lawful data intercept, forensics, and real time analysis...

Wireshark and NetScout are software product that can do deep packet capture for a much smaller data channel.

Network monitoring on the other hand, pings a server with a variety of protocols and checks for liveness or performance on a regular basis. If a failure is detected, the problem is reported to the NOC via e-mail, page, etc.

These are two different functions entirely.Kgrr (talk) 15:17, 1 April 2008 (UTC)


 * No they are not different. Network monitoring and deep packet capture are the same thing.  This article is nothing more than advertising and a collection of paid links.  —Preceding unsigned comment added by 166.70.238.44 (talk) 17:32, 1 April 2008 (UTC)


 * I completely disagree. Please read my text above for the difference.  The links point to real articles and have valid references.
 * From the edits you have made to the Solera Networks article but have erased, it's very clear that you are angry about the founders, a lawsuit or some other private matter and you are taking it out on this article and me. Why don't you drop this whole thing and relax?
 * Please use a real userID when making brash accusations like this one. I don't appreciate your April fools joke. Kgrr (talk) 19:36, 1 April 2008 (UTC)


 * No, I know about this company and its director of Marketing (who is named Alan) and its COO (Who is named James) and some of their postings on off site blogs about how they are playing Wikipedia like cheap flute.
 * I reverted the prod request made by 166.70.238.44, a Jeffrey Vernon Merkey sockpuppet. End of story. Kgrr (talk) 09:27, 4 April 2008 (UTC)

Merge with Network monitoring

 * I reverted the merge request with Network monitoring article. 166.70.238.44 is a Jeffrey Vernon Merkey sockpuppet.  Case closed. Kgrr (talk) 09:28, 4 April 2008 (UTC)

Advert
I am toning down this article so that it does not read like an advert. It looks as if some one was trying to create a promotional piece. I have also renamed it so that it will not match so closely the proprietary names in use.

And by the way packet capture is only one tool that could be used in network monitoring, the articles should not be merged. Graeme Bartlett (talk) 21:27, 1 April 2008 (UTC)


 * Deep packet capture is not a proprietary name. It's used by several companies in the industry.  Thanks for your edits.Kgrr (talk) 09:32, 4 April 2008 (UTC)

Funny missing...
Its funny that no where in the article does it mention that your NIC ( network Interface card ) has to posess a promiscuous mode, to capture out of order streams for CS/MDA networks. This is well known both by the software programmers, and security experts. Show this article to a security expert plz... —Preceding unsigned comment added by 67.174.157.126 (talk) 05:57, 25 April 2008 (UTC)
 * You don't have to have a promiscuous NIC card. You can have a hub, a switch with a span port, or an appliance that does it, etc. Kgrr (talk)
 * How can you do it with just a Hub? I have done it with a appliance, asd well as with a switch with a span port, but not with a Hub. 67.174.157.126 (talk) 07:45, 30 April 2008 (UTC)
 * I've done it with a hub plenty of times. (Note a hub, not a switch) Hubs don't have any smarts or mac addresses.  Packets coming in are split - one into your capture device, the other where it was going before.  BTW, you can also do it with a split fiber.Kgrr (talk) 16:17, 30 April 2008 (UTC)
 * 67 is correct, to capture all the packets you need to set promiscuous mode on the NIC card, otherwise it will ignore mac addresses that do not match its own. But it may not need to be in this article. Graeme Bartlett (talk) 22:37, 30 April 2008 (UTC)

"Deep" packet capture?
Does deep packet capture really mean nothing more than "packet capture with no slicing, so you get the entire content of the packet, not just the first up-to-N-bytes"? I.e., doing what, at least when writing to a binary capture file:


 * tcpdump does with "-s 65535" or, in newer versions, "-s 0";


 * snoop does by default;


 * Wireshark/TShark/dumpcap does by default;


 * Microsoft Network Monitor does by default;


 * many, perhaps most, possibly all other packet sniffers do by default? Guy Harris (talk) 19:24, 21 June 2009 (UTC)


 * Or does it, instead, mean "packet capture with no slicing at wire speed on fast networks without dropping packets"? Just capturing the entire packet isn't hard - as indicated, it's what a lot of packet sniffers do by default, and what tcpdump does with the right command-line flag - so I'm not sure it would deserve "deep" added to its name, but doing so at high speed without dropping packets is harder, so that might be more worthy of having a special name such as "deep packet capture". Guy Harris (talk) 17:56, 23 June 2009 (UTC)


 * It pretty clearly means the latter; just "capturing the headers and the payload" is not, in and of itself, something fancy and "deep"; as noted, most packet analyzers can do that. Page updated to use "deep" only where appropriate and to note what it really means. Guy Harris (talk) 03:10, 27 January 2011 (UTC)