Packet captures can contain credentials, tokens, and sensitive payload metadata.
¶ Capture Privilege and Host Security
- Limit capture rights to approved operators/groups only.
- Use dedicated capture hosts for high-sensitivity environments.
- Avoid running packet analysis tools as root when not required.
¶ Data Handling and Privacy
- Treat .pcap files as sensitive data and encrypt at rest.
- Apply retention limits and secure deletion policies.
- Redact or filter sensitive packets before sharing traces.
- Keep Wireshark dissectors updated to reduce parser exposure.
- Open untrusted captures in isolated analysis environments.
- Disable unnecessary external name resolution during analysis.
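The redaction item above, as an added example rather than code from the original page: a small Python routine that truncates every record of a classic pcap to header length (the same effect as `editcap -s`), keeping timestamps and original lengths so the trace still shows timing and true packet sizes. The sample frames and payloads are constructed test data with placeholder header bytes; pcapng input is out of scope.

```python
import struct

PCAP_MAGIC = 0xA1B2C3D4          # classic libpcap magic (microsecond timestamps)
GLOBAL_HDR = "IHHiIII"           # magic, ver_major, ver_minor, thiszone, sigfigs, snaplen, linktype
RECORD_HDR = "IIII"              # ts_sec, ts_usec, incl_len, orig_len
ETH_IPV4_TCP_HDR_LEN = 14 + 20 + 20  # option-less Ethernet + IPv4 + TCP headers

def _byte_order(data):
    """Derive '<' or '>' from the magic so captures from either writer byte order parse."""
    if data[:4] == struct.pack("<I", PCAP_MAGIC):
        return "<"
    if data[:4] == struct.pack(">I", PCAP_MAGIC):
        return ">"
    raise ValueError("not a classic pcap file (unknown magic)")

def sample_frame(payload):
    """Constructed test frame: 54 placeholder header bytes followed by an application payload."""
    return bytes(ETH_IPV4_TCP_HDR_LEN) + payload

def build_pcap(frames, bo="<", linktype=1):
    """Serialise constructed frames as a classic pcap, one record per frame."""
    out = [struct.pack(bo + GLOBAL_HDR, PCAP_MAGIC, 2, 4, 0, 0, 65535, linktype)]
    for i, frame in enumerate(frames):
        out.append(struct.pack(bo + RECORD_HDR, 1_700_000_000 + i, 0, len(frame), len(frame)) + frame)
    return b"".join(out)

def iter_records(data):
    """Yield (ts_sec, ts_usec, incl_len, orig_len, bytes) per record, rejecting truncated input."""
    bo = _byte_order(data)
    pos, rhdr_len = struct.calcsize(bo + GLOBAL_HDR), struct.calcsize(bo + RECORD_HDR)
    while pos < len(data):
        if pos + rhdr_len > len(data):
            raise ValueError("truncated record header")
        ts_sec, ts_usec, incl_len, orig_len = struct.unpack_from(bo + RECORD_HDR, data, pos)
        pos += rhdr_len
        if pos + incl_len > len(data):
            raise ValueError("record data runs past end of file")
        yield ts_sec, ts_usec, incl_len, orig_len, data[pos:pos + incl_len]
        pos += incl_len

def redact_pcap(data, snaplen=ETH_IPV4_TCP_HDR_LEN):
    """Return a copy of the capture with each record cut to `snaplen` bytes; timestamps and
    orig_len are preserved, only the bytes beyond the headers (payload) are dropped."""
    bo = _byte_order(data)
    fields = list(struct.unpack_from(bo + GLOBAL_HDR, data, 0))
    fields[5] = min(fields[5], snaplen)  # global header advertises the reduced snaplen
    out = [struct.pack(bo + GLOBAL_HDR, *fields)]
    for ts_sec, ts_usec, _incl, orig_len, frame in iter_records(data):
        kept = frame[:snaplen]
        out.append(struct.pack(bo + RECORD_HDR, ts_sec, ts_usec, len(kept), orig_len) + kept)
    return b"".join(out)
```

A header-only snaplen still leaks addresses, ports and sizes, so apply the same retention and access controls to the redacted trace.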