Today's networks are complex, as the following diagram shows. An enterprise network provides connectivity, data applications, and services to the clients on the network:

Most LANs are heterogeneous, with various operating systems such as Windows, Linux, and macOS, along with a mixture of devices, such as softphones, tablets, laptops, and mobile devices. Depending on business requirements, the network may include wide area network connectivity along with telephony.

To effectively use packet analysis, placement is key. All traffic is not created equally. Depending on placement, you may only capture a portion of the total network traffic. If the packet sniffer is on a host or end device, then it will be able to see the traffic on the segment's collision domain. If the sniffer is mirroring all traffic on a backbone, then it will be able to see all the traffic.

In certain instances, you may need to perform packet analysis on an individual host, such as a PC, to only monitor traffic destined to that host, or on a switch to see the traffic as it passes through the switchports.