Can AI Parse Packet Captures?
Techstrong.IT, Tuesday, September 2nd, 2025
I have to admit that if Ward Cobley of VIAVI ever decides to start a second career as a comedian, he's going to do very well. His delivery is spot on, and the subject he discussed at Tech Field Day Extra at Cisco Live US 2025 was humorous in a non-traditional way. It did get me to start thinking about the limitations of LLMs when it comes to packet capture analysis.
Ward and the VIAVI team had a simple goal in mind: feed a packet capture to the most popular LLMs and ask them to find any issues. The fact that there was most definitely an issue in the packet capture ensured that there should be some output. In particular, it was a 132-second delay in a server response to a client request. In the world of TCP, two minutes and seventeen seconds might as well be an eternity.
The first problem that came up was that most LLMs can't take a raw packet capture file, or PCAP, and digest it. As smart as AI might be, it doesn't have a way to decode that information, despite how ubiquitous Wireshark has become in the networking industry. That means you're going to have to convert your PCAP to something like JSON. That is its own special kind of nightmare.
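To make the conversion step concrete, here is an added example (not from the VIAVI presentation or the original article) that decodes a classic pcap file into JSON-ready records and then finds the longest request-to-response wait deterministically. The function names, addresses and the three-packet sample capture are constructed for illustration, and the parser assumes little-endian, microsecond-resolution pcap with Ethernet/IPv4/TCP frames only.

```python
import struct
from socket import inet_aton, inet_ntoa

def parse_pcap(data):
    """Decode a classic little-endian pcap (Ethernet/IPv4/TCP) into JSON-ready dicts."""
    if len(data) < 24 or struct.unpack_from("<I", data)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian microsecond-resolution pcap")
    off, records = 24, []
    while off + 16 <= len(data):
        sec, usec, caplen, _ = struct.unpack_from("<IIII", data, off)
        frame = data[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue  # not IPv4 + TCP, or too short to hold both headers
        ihl = (frame[14] & 0x0F) * 4
        if len(frame) < 14 + ihl + 20:
            continue  # IP options present and the TCP header was truncated
        sport, dport = struct.unpack_from(">HH", frame, 14 + ihl)
        hdrs = ihl + (frame[14 + ihl + 12] >> 4) * 4  # IP header + TCP header bytes
        records.append({"ts": sec + usec / 1e6, "sport": sport, "dport": dport,
                        "src": inet_ntoa(frame[26:30]), "dst": inet_ntoa(frame[30:34]),
                        "payload_len": struct.unpack_from(">H", frame, 16)[0] - hdrs})
    return records

def worst_turnaround(records):
    """Longest wait between a data segment and the first data segment sent back."""
    pending, worst = {}, None
    for r in records:
        if r["payload_len"] <= 0:
            continue  # pure ACKs are not a request or a response
        peer = (r["dst"], r["dport"], r["src"], r["sport"])
        if peer in pending:
            req = pending.pop(peer)
            if worst is None or r["ts"] - req["ts"] > worst["delay_s"]:
                worst = {"delay_s": round(r["ts"] - req["ts"], 6), "request": req, "response": r}
        # remember the earliest unanswered data segment in this direction
        pending.setdefault((r["src"], r["sport"], r["dst"], r["dport"]), r)
    return worst

def build_sample_pcap():
    """Constructed capture: request at t=1 s, bare ACK at t=1.001 s, response at t=133 s."""
    def pkt(ts, src, dst, sport, dport, payload):
        tcp = struct.pack(">HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0) + payload
        ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0, inet_aton(src), inet_aton(dst))
        frame = bytes(12) + b"\x08\x00" + ip + tcp
        return struct.pack("<IIII", int(ts), round(ts % 1 * 1e6), len(frame), len(frame)) + frame
    events = [(1.0, "10.0.0.5", "10.0.0.9", 50000, 80, b"GET / HTTP/1.1\r\n\r\n"),
              (1.001, "10.0.0.9", "10.0.0.5", 80, 50000, b""),
              (133.0, "10.0.0.9", "10.0.0.5", 80, 50000, b"HTTP/1.1 200 OK\r\n\r\n")]
    return struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + b"".join(pkt(*e) for e in events)
```

The server's immediate ACK is skipped because it carries no payload, which is why the measured gap is application response time rather than network round-trip time.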