# Example Packet Capture Placeholder

This is a text placeholder representing where actual `.pcap` files would be stored.

## Real Capture Command

```bash
sudo tcpdump -i any -w dump/nuke_foundry_capture.pcap \
  'host sentry.foundry.com or host learn.foundry.com or host api.honeycomb.io'
```

## Expected Contents

A real packet capture would contain:
- Ethernet/IP/TCP headers
- DNS queries for Foundry domains
- HTTP requests to learn.foundry.com (unencrypted)
- HTTPS handshakes and encrypted payloads to api.honeycomb.io and sentry.foundry.com
- Timing and packet size information

## Analysis Tools

```bash
# View packet summary
tcpdump -r dump/nuke_foundry_capture.pcap

# Extract HTTP requests
tcpdump -r dump/nuke_foundry_capture.pcap -A 'tcp port 80'

# Wireshark analysis
wireshark dump/nuke_foundry_capture.pcap
```

## Privacy Note

Actual `.pcap` files are NOT included in this repository for privacy reasons.
They are automatically ignored by `.gitignore`.