Currently, network packet capture technologies are regularly utilized to access data flowing across one or more networks. Such network packet capture technologies may include, but are not limited to, network taps, optical splitters, telephone taps, virtual taps, network monitoring devices, and other network packet capture devices. Network packet capture technologies may be utilized for a variety of purposes, such as, but not limited to, warranted law enforcement taps, network troubleshooting, packet sniffing, and network intrusion detection. In order to capture packets, network packet capture devices may be placed on a network link between two devices, such as on a network link between two routers in a network. As an example, an optical splitter, which may be a passive packet capture device, may be placed in a fiber line between a first and a second router, and may be utilized to split an optical signal that is sent over the fiber line by the first router and intended for the second router into two identical data streams. One of the streams may be forwarded to the second router as was intended; however, the second stream may be transmitted to a monitoring device that can process and analyze the data in the optical signal. Based on the analysis of the data, the monitoring device may be utilized to identify faults in a network, assist in troubleshooting the network, assist law enforcement in identifying packets sent by senders that are subject to a warrant, calculate network performance metrics and statistics, and provide a variety of other features and functions.
Network packet capture for law enforcement purposes typically requires that there be no packet loss for communications that are monitored. However, traditional network packet capture software typically does not participate in protocol exchanges that are being recorded, and, instead, the network packet capture software typically acts as an observer for the communications that the software is monitoring. As a result, if a packet is lost because of temporary spikes in flow rate or volume, or for other reasons, the network packet capture software cannot inform the sender of the packet to resend the lost packet or to use flow-control or back pressure techniques to slow the transmission rate for sending the packets. Oftentimes, a single packet in a communication stream may hold the critical information that law enforcement may use in determining that a criminal activity is occurring or will occur in the future. Currently, techniques for achieving lossless packet capture often require the use of extensive additional hardware resources to compensate for inefficient, non-scalable software. As an example, active packet capture devices may be utilized, which include special purpose hardware included within the network element itself. Such active packet capture devices may be programmed to direct certain packets that meet certain criteria, such as criteria specified in a law enforcement warrant, to a storage area. While such technologies are often useful in reducing packet loss, they often require the expenditure of significant amounts of resources, and require the use of a significant amount of legacy equipment.