A computer-based method for providing information about a potential security incident ascertained from received internet protocol (IP) packets is described. The method includes capturing IP packets from a computer network, stripping packet header data from the captured IP packets, reviewing the stripped packet header data for multiple occurrences of matching packet header data, and storing, in a database, only a single instance of packet header data for any reviewed packet header data that is determined to have occurred multiple times.