Packet Peeper Pro Documentation


Working with Real Network Data

This guide explains how to ensure Packet Peeper Pro works with real network data instead of relying on synthetic data.

1. Live Packet Capture

Packet Peeper Pro uses the PyShark or Scapy library to capture live network packets directly from your network interfaces.

# Example tcpdump command
tcpdump -i eth0 -w capture.pcap

2. Flow Collection (NetFlow/IPFIX/sFlow)

Configure your network devices to export flow data:

# Example Cisco router configuration
ip flow-export version 5
ip flow-export destination <PacketPeeper-IP> 9995
ip flow-export source <Router-Interface>
interface GigabitEthernet0/0
 ip flow ingress

3. PCAP File Import

Public PCAP repositories with real anonymized data:

Important Considerations

Data Verification

  • Check source and destination IPs
  • Verify protocol distribution
  • Look for expected patterns
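
One way to run the first two checks on a capture file, as an added example (not Packet Peeper Pro's own code): a standard-library Python reader for classic Ethernet pcap files that counts IP protocols and source/destination pairs. The function names and the embedded three-packet capture are constructed for illustration; pcapng files and non-Ethernet link types are rejected rather than parsed.

```python
import struct
from collections import Counter
from ipaddress import IPv4Address

PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}

def summarize_pcap(data: bytes):
    """Return (protocol counts, (src, dst) counts) for a classic Ethernet pcap."""
    if data[:4] == b"\xd4\xc3\xb2\xa1":      # little-endian, microsecond timestamps
        endian = "<"
    elif data[:4] == b"\xa1\xb2\xc3\xd4":    # big-endian, microsecond timestamps
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    linktype = struct.unpack(endian + "I", data[20:24])[0]
    if linktype != 1:
        raise ValueError(f"unsupported link type {linktype}, expected Ethernet (1)")
    protos, pairs = Counter(), Counter()
    off = 24                                  # first record follows the global header
    while off + 16 <= len(data):
        incl_len = struct.unpack(endian + "IIII", data[off:off + 16])[2]
        frame = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            protos["non-IPv4"] += 1           # ARP, IPv6, VLAN-tagged or truncated
            continue
        ip = frame[14:]                       # fixed IPv4 header fields only
        protos[PROTO_NAMES.get(ip[9], f"proto-{ip[9]}")] += 1
        pairs[(str(IPv4Address(ip[12:16])), str(IPv4Address(ip[16:20])))] += 1
    return protos, pairs

def sample_pcap() -> bytes:
    """Constructed three-packet capture for the demo (not real traffic)."""
    def frame(proto, src, dst):
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, proto, 0,
                         IPv4Address(src).packed, IPv4Address(dst).packed)
        return b"\x00" * 12 + b"\x08\x00" + ip
    frames = [frame(6, "192.168.1.100", "192.168.1.1"),
              frame(6, "192.168.1.100", "192.168.1.1"),
              frame(17, "192.168.1.100", "192.168.1.53")]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    protos, pairs = summarize_pcap(sample_pcap())
    print("protocols:", dict(protos))
    print("top pairs:", pairs.most_common(5))
```

To check a real capture, pass the file's bytes instead, for example `summarize_pcap(open("capture.pcap", "rb").read())`.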

Troubleshooting

  • Verify capture privileges
  • Check interface configuration
  • Confirm network positioning
  • Test with broader filters

Security & Privacy

  • Regulatory compliance (GDPR, HIPAA)
  • Anonymize sensitive data
  • Implement access controls
  • Secure stored capture files
  • Data retention policy

Quick Reference

# Common capture filters:
tcp port 80 or tcp port 443
host 192.168.1.100
net 192.168.1.0/24

# Useful commands:
tcpdump -i eth0 -w capture.pcap
tshark -i eth0 -f "tcp port 80" -w http.pcap