Deep Packet Capture (DPC) is the practice of capturing complete network packets, including header and payload crossing a given network. Once captured, these packets may be stored for in-depth search and analysis.

Generally, Deep Packet Capture devices have the ability to capture packet data from Layer 2 through Layer 7 and write this data at full line rates to large storage arrays. For extended views or for archival purposes, having the ability to address very large arrays (in excess of 100TBs) is a must.

Deep Packet Capture devices may also have the ability to limit or categorize traffic through the use of ingress and egress filtering. Packet data can then be replayed, at the rate it was captured or at a faster or slower speed to accommodate the speed of the analysis tool.

Deep Packet Capture and storage is used to troubleshoot network outages, pinpoint security breaches, replay actual traffic events, and simplify compliance with internal policies and external legislative mandates. The practice of historical capture and analysis provides the users with context as to why alerts were generated. Combined with DPI and other tools, Deep Packet Capture provides a powerful solution for full network visibility, answering the question "what happenened on my network?"