Tech Field Day Extra at Cisco Live US 2025
Enhancing Packet Analysis with AI - Smarter, Faster, and More Effective with VIAVI
26m
As network environments grow in complexity, speeds, and feeds, packet analysis gets increasingly difficult. In this session, we'll look at how artificial intelligence can change the game, including automating anomaly detection, accelerating root cause analysis, and revealing patterns in network traffic that might otherwise go unnoticed. We'll examine how AI fits into your current troubleshooting workflow, where it's reliable, and where we need to validate its findings. Can AI really spot the issues you care about? How do you know when to trust it--and when to take a second look? Whether you're a network engineer, a security analyst, or anyone responsible for performance and uptime, you'll walk away from this session with practical guidance on using AI to streamline manual tasks, improve accuracy, and gain deeper insight into network behavior.
Ward Cobleigh and Chris Greer discussed the current state of AI-driven packet analysis, particularly focusing on how popular Large Language Models (LLMs) handle PCAP data. They presented a small, deliberately crafted PCAP file with one significant anomaly (a 132-second server response time) to various LLMs, including Claude, Sonnet 4, GPT, Copilot, and Gemini (OG and 2.5 Pro preview). Their findings revealed mixed results: Claude provided generic guidance without direct answers, Sonnet 4 acknowledged limitations and suggested using specialized tools, and GPT, despite an initial "helpful" demeanor, struggled to pinpoint the 132-second delay and even hallucinated a NASDAQ transaction. Copilot, while initially limited by a small data intake (only 20 frames), ultimately proved effective in identifying the delay and offering a comprehensive troubleshooting plan. Gemini 2.5 Pro preview, however, stood out as the most capable, accurately identifying the issue, providing detailed analysis, and formulating well-structured hypotheses and troubleshooting steps, even suggesting checking application logs over general server logs.
Chris Greer elaborated on practical uses for AI in packet analysis, such as gaining additional context on filtered captures (e.g., IP addresses, domains, protocols) and assisting with complex TShark commands or regular expressions. He also highlighted the benefit of AI in identifying issues that might be missed due to hyper-focus on a specific conversation. However, significant challenges remain, primarily the limited amount of data LLMs can currently process (most struggled beyond 200 packets, with Copilot maxing out at 20 frames and Selector AI at 5 MB). The speakers emphasized the critical need for sanitizing PCAP data before uploading it to cloud-based LLMs due to the sensitive nature of network traffic. Despite current limitations, they concluded that AI for packet analysis is rapidly evolving, with purpose-built AI tools like Selector.ai's Packet Copilot and Packet Safari Copilot showing immense promise, and that effective prompt engineering remains crucial for extracting meaningful insights from LLMs.
Presented by Ward Cobleigh, Senior Product Line Manager, and Chris Greer, Chief Packet Head, Packet Pioneer. Recorded live at Tech Field Day Extra at Cisco Live in San Diego, CA on June 11, 2025. Watch the entire presentation at https://techfieldday.com/appearance/viavi-presents-at-tech-field-day-extra-at-cisco-live-us-2025/ or visit https://techfieldday.com/event/clus25/ or https://VIAVISolutions.com for more information.