Packet Capture: This method captures and inspects network traffic to identify unauthorized downloads or malicious behavior. It provides detailed insight into the data being transmitted, making it the best tool for this scenario.

Anomaly alerts (A): Alerts may indicate unusual activity but do not provide detailed traffic analysis.

Port mirroring (B): Port mirroring can redirect traffic for analysis but requires a packet capture tool for deeper inspection.

Performance monitoring (C): Focuses on system performance metrics, not detailed traffic content.