Wednesday, March 26, 2014

Rolling PCAP (Packet Capture) for a production network

It is common to see many SOCs (Security Operations Centers) wanting a packet capture of a recent event to track down some network activity, whether it is part of an attack or an investigation. PCAP is a file format well suited to storing network data on disk. However, no one can afford to store PCAP forever, so a rolling packet capture, sized according to your network bandwidth, is a very viable way to collect and retain PCAP.
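To make the rolling idea concrete, here is an added example (not code from the original post) of a minimal ring-buffer PCAP writer in Python. It writes the classic libpcap 2.4 file layout (24-byte global header, 16-byte per-record header), starts a new file once the current one would exceed a size limit, deletes the oldest file once the file count limit is reached, and includes a small sizing helper that turns link bandwidth and ring size into a retention window. The frames, timestamps, file sizes and the 1 Gbit/s sizing figures are all constructed for the demonstration; the writer captures nothing from a real interface.

```python
import os
import shutil
import struct
import tempfile
from collections import deque

# Classic libpcap file layout (version 2.4), written little-endian.
PCAP_MAGIC = 0xA1B2C3D4
LINKTYPE_ETHERNET = 1
GLOBAL_HEADER = struct.Struct("<IHHiIII")  # magic, major, minor, thiszone, sigfigs, snaplen, linktype
RECORD_HEADER = struct.Struct("<IIII")     # ts_sec, ts_usec, incl_len, orig_len


def retention_seconds(link_bps, file_bytes, file_count):
    """How far back a ring of file_count files of file_bytes each can reach on a
    link carrying link_bps (worst case: link saturated, no snaplen truncation)."""
    return (file_count * file_bytes * 8) / link_bps


class RollingPcapWriter:
    """Writes packets into numbered pcap files, rotating to a new file once the
    current one would exceed max_file_bytes and deleting the oldest file once
    more than max_files exist: a ring buffer on disk."""

    def __init__(self, directory, max_file_bytes, max_files, snaplen=65535):
        self.directory = directory
        self.max_file_bytes = max_file_bytes
        self.max_files = max_files
        self.snaplen = snaplen
        self.files = deque()  # paths currently on disk, oldest first
        self.seq = 0
        self.fh = None
        self.bytes_in_file = 0

    def _rotate(self):
        if self.fh is not None:
            self.fh.close()
        path = os.path.join(self.directory, f"capture-{self.seq:06d}.pcap")
        self.seq += 1
        self.fh = open(path, "wb")
        header = GLOBAL_HEADER.pack(PCAP_MAGIC, 2, 4, 0, 0, self.snaplen, LINKTYPE_ETHERNET)
        self.fh.write(header)
        self.bytes_in_file = len(header)
        self.files.append(path)
        while len(self.files) > self.max_files:  # enforce the retention limit
            os.remove(self.files.popleft())

    def write(self, ts_sec, ts_usec, frame):
        captured = frame[:self.snaplen]  # honour the snaplen like a real capture
        record_len = RECORD_HEADER.size + len(captured)
        if self.fh is None or self.bytes_in_file + record_len > self.max_file_bytes:
            self._rotate()
        self.fh.write(RECORD_HEADER.pack(ts_sec, ts_usec, len(captured), len(frame)))
        self.fh.write(captured)
        self.bytes_in_file += record_len

    def close(self):
        if self.fh is not None:
            self.fh.close()
            self.fh = None

    def current_files(self):
        return list(self.files)


def read_pcap(path):
    """Parse a pcap file back into (ts_sec, ts_usec, frame) tuples, checking the magic."""
    with open(path, "rb") as f:
        data = f.read()
    if GLOBAL_HEADER.unpack_from(data, 0)[0] != PCAP_MAGIC:
        raise ValueError(f"{path}: not a little-endian classic pcap file")
    packets, off = [], GLOBAL_HEADER.size
    while off < len(data):
        ts_sec, ts_usec, incl_len, _orig_len = RECORD_HEADER.unpack_from(data, off)
        off += RECORD_HEADER.size
        packets.append((ts_sec, ts_usec, data[off:off + incl_len]))
        off += incl_len
    return packets


def demo():
    """Feed 20 constructed 60-byte Ethernet frames through a 3-file ring whose
    files hold at most 256 bytes (3 frames each), then read back what survived."""
    directory = tempfile.mkdtemp(prefix="rolling-pcap-")
    try:
        writer = RollingPcapWriter(directory, max_file_bytes=256, max_files=3)
        for i in range(20):
            # constructed frame: broadcast dst, locally administered src ending in i,
            # EtherType IPv4, zero-filled payload
            frame = bytes.fromhex("ffffffffffff" + "0200000000") + bytes([i]) + b"\x08\x00" + bytes(46)
            writer.write(1395792000 + i, 0, frame)
        writer.close()
        kept = writer.current_files()
        retained = [pkt for path in kept for pkt in read_pcap(path)]
        return {
            "files": [os.path.basename(p) for p in kept],
            "packets_retained": len(retained),
            "first_retained_frame": retained[0][2][11],  # src MAC's last byte = frame index
        }
    finally:
        shutil.rmtree(directory)


if __name__ == "__main__":
    print(demo())
    print(retention_seconds(1_000_000_000, 1_000_000_000, 100),
          "seconds of saturated 1 Gbit/s traffic fit in 100 x 1 GB files")
```

Running the demo shows only the last three files (eight frames) surviving, which is exactly the behaviour a SOC relies on: the most recent traffic is always on disk and the oldest is silently discarded. In production you would not hand-roll this; tcpdump implements the same ring with its `-C` (file size in millions of bytes) and `-W` (number of files) options, and the sizing helper above gives a rough answer to how many files of what size you need to cover the lookback window your investigations typically require, remembering that a saturated link is the worst case and real traffic usually leaves you a longer window.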