In computer and network security, packet captures (PCAPs), which record packets sent between networked computers, are a useful tool that provides forensic detail. However, modern networking equipment has advanced to handle speeds exceeding 40-100 Gbps/sec, and the increased speeds have made it difficult for network security devices and input/output (I/O) storage devices to keep pace. Further, network security devices deployed to monitor large virtual environments comprising potentially multitudes of virtualized computers (e.g., virtual machines (VMs), containers) have found it impractical, if not infeasible, to capture all network traffic and store it for tracing purposes.
As is evident, there is a demand for improved approaches for network tracking, storage, and analysis.