Passive Packet Capture
In every situation where I've wanted to monitor a device's packets for troubleshooting or analysis purposes in the past 25 years, I've always listened to a single interface that I knew the packets were traversing. This works great for completely controlled environments in short bursts, but what if you wanted to provide some guarantees that all packets leaving the monitor were being captured?
In other words, what is the cost of analysis when packets are permitted to traverse the network without you knowing about them? How do we prevent this?