Nowadays, a lot of traffic is encrypted. So, a full packet capture is not very useful.
Packet slicing could be an option if this is just for fault analysis and not for network forensics. This gives you all the metadata you need to investigate packet drop, delay, etc. Of course, it is not helpful if an analysis of SSL/IPsec/other protocol handshake errors is required.
Trace Wrangler is very helpful once you end up with that big chunk of pcaps.
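What packet slicing does to a classic pcap file, as an added example that is not part of the original post: each record is cut to a snap length while its timestamp and on-the-wire length are kept, which is the metadata needed for drop and delay analysis. The function names and the sample capture are constructed for illustration; pcapng is not handled.

```python
import struct

# Byte order by magic number: classic pcap, microsecond and nanosecond variants.
MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",
          b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">"}
GLOBAL_HDR = "4sHHiIII"   # magic, major, minor, thiszone, sigfigs, snaplen, linktype
REC_HDR = "IIII"          # ts_sec, ts_frac, incl_len, orig_len

def read_records(data):
    """Yield (ts_sec, ts_frac, orig_len, captured_bytes) for each packet."""
    if len(data) < 24 or data[:4] not in MAGICS:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    bo, off = MAGICS[data[:4]], 24
    while off + 16 <= len(data):
        ts_sec, ts_frac, incl, orig = struct.unpack_from(bo + REC_HDR, data, off)
        body = data[off + 16:off + 16 + incl]
        if len(body) < incl:
            break                      # capture file was cut off mid-record
        yield ts_sec, ts_frac, orig, body
        off += 16 + incl

def slice_pcap(data, snaplen):
    """Truncate every packet to snaplen bytes, keeping timestamps and orig_len."""
    recs = list(read_records(data))    # validates the magic number first
    bo = MAGICS[data[:4]]
    hdr = list(struct.unpack(bo + GLOBAL_HDR, data[:24]))
    hdr[5] = min(hdr[5], snaplen)      # advertise the new snap length
    out = [struct.pack(bo + GLOBAL_HDR, *hdr)]
    for ts_sec, ts_frac, orig, body in recs:
        kept = body[:snaplen]          # incl_len shrinks, orig_len does not
        out.append(struct.pack(bo + REC_HDR, ts_sec, ts_frac, len(kept), orig) + kept)
    return b"".join(out)

def summarize(data):
    """(ts_sec, ts_frac, captured length, on-the-wire length) per packet."""
    return [(s, f, len(b), o) for s, f, o, b in read_records(data)]

def build_sample():
    """Constructed capture: one 1514-byte frame and one 60-byte frame."""
    pcap = struct.pack("<" + GLOBAL_HDR, b"\xd4\xc3\xb2\xa1", 2, 4, 0, 0, 65535, 1)
    for ts_sec, ts_usec, size in ((1700000000, 0, 1514), (1700000000, 250000, 60)):
        pcap += struct.pack("<" + REC_HDR, ts_sec, ts_usec, size, size) + bytes(size)
    return pcap

if __name__ == "__main__":
    sliced = slice_pcap(build_sample(), 64)
    print(len(build_sample()), "->", len(sliced), "bytes:", summarize(sliced))
```

The same effect on real captures comes from the snap length option of the capture tool or from `editcap -s`.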