“Networks are complex, and always changing. Trying to troubleshoot them – or find the cause of a breach – can be a huge undertaking, but this task can be made much easier if packet data is available. You can learn a tremendous amount from a single data packet. Just from the header you can determine who the sender and receiver are, the general characteristics of the communication – whether TCP (receipt acknowledgement requested), UDP (just make the best effort), or RTP (time-critical so resending just isn’t practical), and even a clue about the packet contents based on the port used to send the traffic, like Secure or Remote Shell (SSH or RSH), HTTP, and thousands of others.”
Read Jay’s full article here.