Network Capture

Discover's Network Capture software runs on one or more dedicated capture servers.

The following terms apply to the capture process:

  • Switch - The switch is a hardware device that routes all incoming and outgoing data packets between your visitors' computers and your web servers. Typically, switches are configured using a hardware option called a https://www.cisco.com/c/en/us/support/docs/switches/catalyst-6500-series-switches/10570-41.html, which delivers a copy of every HTTP packet to the capture server.
  • Packet - The TCP/IP protocol organizes interaction between computers into packets. An individual Web page may be broken down into many packets, each transmitted individually between computers. The capture server typically monitors millions of packets traveling nearly simultaneously between your Web servers and visitors' computers. These packets may arrive in any order and sometimes must be retransmitted. The capture server can be configured to ignore packets that are not of interest, such as email messages or packets sent to IP addresses of servers not hosting the website.
  • Request - The HTTP protocol defines a request as a message requesting a response from one computer to another. The capture server collects all HTTP data to recreate the request and response traffic.
  • Response - A response is the return message to a computer, which has made a request. After capturing a request, the capture server then processes and assembles packets in search of the response to it.
  • Hit - A hit is defined as a request and the corresponding response to it. After the hit has been collected, the Network Capture software can scan the data to see if the hit is of interest. For example, images that appear on every web page are not very interesting and may be discarded. Also, sensitive information such as usernames, passwords, and credit card numbers can be deleted. After removing unwanted data, the Capture software securely transmits the hit data to the Processing Server.
  • SSL - Many website interactions are encrypted to protect the data from being read or manipulated by third parties. The Capture software has to decrypt the data in order to match requests and responses. Typically, the Capture software is configured to re-encrypt the software using SSL for transmission to the processing servers.