Packet Captures are just that - captures of raw data packets traveling in cyberspace.
Imagine Willy Wonka and the Chocolate Factory, when the TV boy gets zapped into a million pieces.
The data transfers in compressed packets that read like a pile of lego parts and a script telling you how to reassemble them. The final product file is bulky and hard to ship, so you deconstruct it, squish the parts together and give instructions.
Doing this also allows you to move large files in intermittent spurts so network systems aren't bogged down serving a single request at a time.
Anyone can put up a "net" and collect the packets, if you know what "frequency" they are being sent on among the millions of other packets other people are also sending.
That's what they have.
Next comes figuring out the instructions. If you know what you're doing, you got that file in the datastream too; otherwise you're mixing and matching the pieces until you get lucky and find a pattern, which could LITERALLY take millennia.
Reassemble it and you can reconstruct the file as it was in TRANSIT. If it is encrypted, you have a few more steps to decrypt it -- that is, unless the packets were already decrypted with the intent to modify them anyway.
Now comes the crux of the matter:
If you capture when the packets LEAVE and ARRIVE from their destinations, you can see if they have been tampered with during the datastream. How that works is, a middle-man server is sent the real packets and has pre-programmed code that modifies the packets at the COMPRESSION level. That's not small beans, that's top-tier espionage.
Keep in mind, the fact the packets were collected unencrypted is proof Dominion let it leak on purpose.
This is what the VAST majority of experts are waiting for here. If they get the Packet Captures, they can tell if Lindell actually has packets either going TO China or FROM China. If he has both, then they can prove 100% that China tweaked the packets.
If he has anything other than ACTUAL packets that were intercepted from China (which would require putting together a team ahead of time to set up the "net") this whole thing is a wash.
With the vast quantity of information required to not be dismissed as inauthentic packets outright, there are really only three options:
A. He has the receipts and they are legit.
B. Someone who DOES HAVE ACCESS to the real information feed fed him a line of packets data that was modified to intentionally sabotage Lindell's efforts.
C. He doesn't even have ANY data packets at all and this is all coming out of literally thin air (very unlikely).
Another way to describe it...
It's an envelope. Envelopes have an address, where it came from, and data inside. That's a packet.
Not sure why no one is saying it this way. Super simple, y'all.
Having the PCAPs means they have all the envelopes flowing to/from a specific place. Think of this like having access to the central processing location for your mail service. They have that entire building, only they also know what was in the envelopes, provided they weren't encrypted.
True. But it is a bit more than just that.
You're also taking a big thing and chopping it up, then sending those packets one at a time.
So, it's like taking a house apart and sending a brick at a time.
That way, the highway you are trying to move the house on doesn't prevent all the cars from passing by because a literal house is taking up all lanes.
It's more complex, absolutely. But for non-technical people, they need it in the simplest terms.
Everyone understands when you say, they opened the envelope and read the letter. Or they saw where it was addressed to and where it came from.
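To make the thread's analogies concrete, here is an added example; it is not code from any poster in this thread. It builds a tiny capture file in memory, reads out each packet's "envelope" (source and destination address and port), puts a message that was split across three TCP segments (the "bricks") back together by sequence number, and compares a capture taken where the packets LEFT with one taken where they ARRIVED to find the segment whose contents changed on the way. The IP addresses, ports, MAC addresses and message are all made up for the illustration, and it uses only the Python standard library.

```python
"""Added example (not from the thread): read a tiny PCAP, list each packet's
"envelope", reassemble a message split across TCP segments, and compare a
capture taken where packets LEFT with one taken where they ARRIVED.
All addresses, ports and payloads below are made up for the illustration."""
import hashlib
import socket
import struct

LINKTYPE_ETHERNET = 1
SRC, DST = "192.0.2.10", "198.51.100.20"   # documentation IP ranges, not real hosts
MESSAGE = b"The quick brown fox jumps over the lazy dog"
CHUNKS = [MESSAGE[i:i + 16] for i in range(0, len(MESSAGE), 16)]  # the "bricks"

def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum over the IPv4 header (checksum field zeroed on input)."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_tcp_frame(src_ip, dst_ip, sport, dport, seq, payload):
    """Ethernet + IPv4 + TCP frame. MACs are made up; TCP checksum left zero."""
    eth = bytes.fromhex("aabbccddeeff") + bytes.fromhex("112233445566") + b"\x08\x00"
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 1, 0, 64, 6,
                     0, socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]
    return eth + ip + tcp + payload

def build_pcap(frames):
    """Wrap frames in the classic libpcap file format (magic 0xa1b2c3d4, little-endian)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1_700_000_000 + i, 0, len(frame), len(frame)) + frame
    return out

def parse_pcap(data):
    """Yield one dict per TCP/IPv4 packet: the envelope (addresses, ports) plus payload."""
    magic, = struct.unpack("<I", data[:4])
    if magic in (0xA1B2C3D4, 0xA1B23C4D):      # microsecond / nanosecond, little-endian
        endian = "<"
    elif magic in (0xD4C3B2A1, 0x4D3CB2A1):    # same two, written big-endian
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    off = 24                                   # skip the 24-byte global header
    while off + 16 <= len(data):
        _, _, incl_len, _ = struct.unpack(endian + "IIII", data[off:off + 16])
        frame = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if frame[12:14] != b"\x08\x00":
            continue                           # not IPv4
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        if ip[9] != 6:
            continue                           # not TCP
        total_len = struct.unpack("!H", ip[2:4])[0]
        tcp = ip[ihl:total_len]
        sport, dport, seq = struct.unpack("!HHI", tcp[:8])
        data_off = (tcp[12] >> 4) * 4
        yield {"src": socket.inet_ntoa(ip[12:16]), "dst": socket.inet_ntoa(ip[16:20]),
               "sport": sport, "dport": dport, "seq": seq, "payload": tcp[data_off:]}

def reassemble(packets, src, dst):
    """Put the bricks back in order: one direction's payloads joined by sequence number."""
    segs = sorted((p for p in packets if p["src"] == src and p["dst"] == dst),
                  key=lambda p: p["seq"])
    return b"".join(p["payload"] for p in segs)

def diff_captures(sent, received):
    """Hash each payload in the departure capture and the arrival capture; return the
    sequence numbers of segments whose contents changed between the two points."""
    key = lambda p: (p["src"], p["dst"], p["sport"], p["dport"], p["seq"])
    expected = {key(p): hashlib.sha256(p["payload"]).digest() for p in sent}
    return sorted(p["seq"] for p in received
                  if key(p) in expected
                  and expected[key(p)] != hashlib.sha256(p["payload"]).digest())

def sender_capture():
    """Constructed capture taken where the message left: three untouched segments."""
    return build_pcap([build_tcp_frame(SRC, DST, 40000, 443, 1000 + i * 16, c)
                       for i, c in enumerate(CHUNKS)])

def receiver_capture():
    """Constructed capture taken where it arrived: the middle segment was altered en route."""
    chunks = list(CHUNKS)
    chunks[1] = chunks[1].replace(b"fox", b"cat")
    return build_pcap([build_tcp_frame(SRC, DST, 40000, 443, 1000 + i * 16, c)
                       for i, c in enumerate(chunks)])

if __name__ == "__main__":
    sent = list(parse_pcap(sender_capture()))
    received = list(parse_pcap(receiver_capture()))
    for p in sent:   # the envelopes: who sent it, where it is going, which brick it is
        print(f"{p['src']}:{p['sport']} -> {p['dst']}:{p['dport']} seq={p['seq']} len={len(p['payload'])}")
    print("reassembled:", reassemble(sent, SRC, DST))
    print("segments modified in transit (by seq):", diff_captures(sent, received))
```

The point of diff_captures is the one the first post makes about capturing at both ends: with a departure capture and an arrival capture of the same stream, a per-segment hash comparison pins down exactly which segment changed in between. It only works because the constructed payloads are in the clear; with TLS in use the two captures would still match or not, but the parser would see only ciphertext.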