Packet captures are the most detailed and revealing form of network data available to defenders—showing not just what happened, but exactly how it happened, byte by byte. In this episode, we explain how tools like Wireshark and tcpdump allow analysts to capture and inspect network packets for signs of malicious activity, protocol abuse, data leakage, and command-and-control traffic. We explore how to filter packet data by source, destination, port, and protocol to isolate relevant conversations, as well as how to use packet captures to validate alerts from IDS, SIEMs, or endpoint tools. Packet captures also play a crucial role in digital forensics, helping reconstruct timelines, trace lateral movement, and confirm whether sensitive data was exfiltrated. While powerful, packet analysis requires both technical skill and careful legal consideration, particularly when capturing internal communications or customer data. When used responsibly, packet captures provide unmatched visibility into what attackers are really doing on your network.