Packet Captures are just that - captures of raw data packets traveling in cyberspace.
Imagine Willy Wonka and the Chocolate Factory, when the TV boy gets zapped into a million pieces.
The data transfers in compressed packets that read like a pile of lego parts and a script telling you how to reassemble them. The final product file is bulky and hard to ship, so you deconstruct it, squish the parts together and give instructions.
Doing this also allows you to move large files in intermittent spurts so network systems aren't bogged down serving a single request at a time.
Anyone can put up a "net" and collect the packets, if you know what "frequency" they are being sent on among the millions of other packets other people are also sending.
That's what they have.
Next comes figuring out the instructions. If you know what you're doing, you got that file in the datastream too, otherwise you're mix-and-matching the pieces until you get lucky and find a pattern, which could LITERALLY take a millennium.
Reassemble it and you can reconstruct the file as it was in TRANSIT. If it is encrypted, you have a few more steps to decrypt it -- that is, unless the packets were already decrypted with the intent to modify them anyway.
Now comes the crux of the matter:
If you capture when the packets LEAVE and ARRIVE from their destinations, you can see if they have been tampered with during the datastream. How that works is, a middle-man server is sent the real packets and has a pre-programmed code that modifies the packets at the COMPRESSION level. That's not small beans, that's top-tier espionage.
Keep in mind, the fact the packets were collected unencrypted is proof Dominion let it leak on purpose.
This is what the VAST majority of experts are waiting for here. If they get the Packet Captures, they can tell if Lindell actually has packets either going TO China or FROM China. If he has both, then they can prove 100% that China tweaked the packets.
If he has anything other than ACTUAL packets that were intercepted from China (which would require putting together a team ahead of time to set up the "net") this whole thing is a wash.
With the vast quantity of information required to not be dismissed as inauthentic packets outright, there are really only three options:
A. He has the receipts and they are legit.
B. Someone who DOES HAVE ACCESS to the real information feed fed him a line of packet data that was modified to intentionally sabotage Lindell's efforts.
C. He doesn't even have ANY data packets at all and this is all coming out of literally thin air (very unlikely).
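The post above argues that captures taken where packets LEAVE and where they ARRIVE can be compared to show whether anything was changed in transit. As an added example (not code from anyone in this thread), here is what that comparison actually looks like in practice: a small pcap reader, a normalization step that zeroes the fields a router legitimately rewrites (TTL and the IPv4 header checksum), and a diff that classifies each packet as unchanged, modified, missing, or injected. It assumes both captures are classic pcap files with link type LINKTYPE_IPV4 (228, raw IPv4 with no Ethernet header) and matches packets across the two vantage points by (source, destination, IP identification); all addresses, packet contents and the "middle box" behaviour are constructed sample data.

```python
"""Compare a sender-side and a receiver-side capture of the same traffic and
report packets altered in transit. Sample data is constructed; captures are
assumed to use LINKTYPE_IPV4 (228), so each record is a raw IPv4 packet."""
import hashlib
import struct
from socket import inet_aton, inet_ntoa
from typing import Dict, List, Tuple

LINKTYPE_IPV4 = 228
PCAP_MAGIC_USEC = 0xA1B2C3D4  # classic pcap, microsecond timestamps


def ipv4_checksum(hdr: bytes) -> int:
    """RFC 791 ones'-complement checksum over the IPv4 header."""
    total = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src: str, dst: str, ident: int, ttl: int, payload: bytes) -> bytes:
    """Constructed raw IPv4 packet (protocol 253, reserved for experiments)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident, 0,
                      ttl, 253, 0, inet_aton(src), inet_aton(dst))
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]
    return hdr + payload


def build_pcap(packets: List[bytes], linktype: int = LINKTYPE_IPV4) -> bytes:
    """Serialize packets as a little-endian pcap (24-byte global header + records)."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC_USEC, 2, 4, 0, 0, 65535, linktype)
    for i, pkt in enumerate(packets):
        out += struct.pack("<IIII", 1_700_000_000 + i, 0, len(pkt), len(pkt)) + pkt
    return out


def parse_pcap(data: bytes) -> Tuple[int, List[bytes]]:
    """Parse a classic pcap in either byte order; returns (linktype, packets)."""
    (magic,) = struct.unpack("<I", data[:4])
    if magic == PCAP_MAGIC_USEC:
        end = "<"
    elif magic == 0xD4C3B2A1:  # same magic written big-endian
        end = ">"
    else:
        raise ValueError(f"unsupported pcap magic {magic:#x}")
    _, _, _, _, _, linktype = struct.unpack(end + "HHiIII", data[4:24])
    packets, off = [], 24
    while off < len(data):
        if off + 16 > len(data):
            raise ValueError("truncated record header")
        _, _, incl_len, _ = struct.unpack(end + "IIII", data[off:off + 16])
        off += 16
        pkt = data[off:off + incl_len]
        if len(pkt) != incl_len:
            raise ValueError("truncated packet data")
        packets.append(pkt)
        off += incl_len
    return linktype, packets


def normalize(pkt: bytes) -> bytes:
    """Zero TTL (byte 8) and header checksum (bytes 10-11): every hop rewrites
    these, so they must not count as tampering."""
    return pkt[:8] + b"\x00" + pkt[9:10] + b"\x00\x00" + pkt[12:]


def flow_key(pkt: bytes) -> Tuple[str, str, int]:
    """(src, dst, IP identification) used to pair packets across captures."""
    (ident,) = struct.unpack("!H", pkt[4:6])
    return inet_ntoa(pkt[12:16]), inet_ntoa(pkt[16:20]), ident


def compare_captures(sender_pcap: bytes, receiver_pcap: bytes) -> Dict[str, list]:
    """Classify packets as modified, missing (sent but never received) or
    injected (received but never sent), after normalizing hop-rewritten fields."""
    lt1, sent = parse_pcap(sender_pcap)
    lt2, recv = parse_pcap(receiver_pcap)
    if lt1 != LINKTYPE_IPV4 or lt2 != LINKTYPE_IPV4:
        raise ValueError("example expects raw IPv4 captures (linktype 228)")
    sent_h = {flow_key(p): hashlib.sha256(normalize(p)).hexdigest() for p in sent}
    recv_h = {flow_key(p): hashlib.sha256(normalize(p)).hexdigest() for p in recv}
    report: Dict[str, list] = {"modified": [], "missing": [], "injected": []}
    for key, digest in sent_h.items():
        if key not in recv_h:
            report["missing"].append(key)
        elif recv_h[key] != digest:
            report["modified"].append(key)
    report["injected"] = [k for k in recv_h if k not in sent_h]
    return report


# Constructed scenario: three packets leave the sender. The path decrements TTL
# on everything (benign), rewrites the body of id 2, drops id 3, and injects one.
SENT = [build_ipv4("192.0.2.10", "198.51.100.20", i, 64, f"record-{i}".encode())
        for i in (1, 2, 3)]
RECEIVED = [
    build_ipv4("192.0.2.10", "198.51.100.20", 1, 60, b"record-1"),
    build_ipv4("192.0.2.10", "198.51.100.20", 2, 60, b"record-X"),
    build_ipv4("203.0.113.5", "198.51.100.20", 9, 60, b"injected"),
]
SENDER_PCAP = build_pcap(SENT)
RECEIVER_PCAP = build_pcap(RECEIVED)

if __name__ == "__main__":
    print(compare_captures(SENDER_PCAP, RECEIVER_PCAP))
```

Two things this makes concrete. First, a capture from only one end proves nothing about tampering; the diff needs both vantage points, and each side must be recorded by someone who controls that capture point. Second, the normalization step matters: a naive byte-for-byte comparison would flag every packet as "modified" just because TTL and the checksum changed at each hop, so any real analysis has to decide up front which fields are expected to change.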
D. Lindell got the supposed pcaps from notorious con artist Dennis Montgomery, who put a bunch of garbage data into a hex editor in order to milk some cash out of a rich guy who doesn’t know tech & was prepared to believe whatever someone claiming to be a “cyber expert” told him.
I looked at the Dennis Montgomery PCAPs and the excel version being sent around in late November. All garbage.
If I had to guess, they were mostly the guest network at State Farm Arena, most of the "china" traffic was going to TikTok or AWS; all the Russia traffic was kaspersky av updates. A couple of others called this out on the chans, but IIRC, CM noted that was not the dataset in use.
Possible, which is why I'm not too excited about this so far.