Analyze PCAP
Free public analysis for sanitized PCAPs

Wireshark on the web.

Upload .pcap or .pcapng captures and inspect HTTP, DNS, credentials, files, and host relationships — no desktop install required.

Upload PCAP freeExplore features

Built for analysts — dark mode by default

Analysis modes

Pick the mode that fits your capture.

Public analysis for sanitized traces. Private and on-prem options for sensitive incident and enterprise workloads.

Free

Public analysis

Best for sanitized traces, labs, and quick checks where a shareable result is acceptable.

  • No signup required
  • Upload and inspect immediately
  • Ideal for learning and evaluation
Upload PCAP free
Coming soon

Private workspace

For captures with internal hosts, credentials, customer traffic, or active incident evidence.

  • Results stay private
  • Built for SOC and DFIR teams
  • Ephemeral or retained storage options
Learn more
Roadmap

On-prem deployment

For regulated or air-gapped environments where captures cannot leave your infrastructure.

  • Keep PCAP inside your boundary
  • Restricted network support
  • Enterprise evidence handling
Contact us

What you get

Get to the useful parts of a capture faster.

Automated triage removes boring reconstruction work so you can focus on decisions — not packet-by-packet clicking.

Reconstruct HTTP sessions

Inspect requests, responses, headers, and transferred content without stepping through raw packets one by one.

Move from packet capture to analyst-readable evidence in minutes — ideal for phishing reviews and web traffic triage.

Map hosts and services

See which hosts communicated, which services were exposed, and how infrastructure relates in a communication graph.

Passive fingerprints and protocol hints surface DNS, DHCP, LDAP, and other service activity automatically.

Extract files and payloads

Pull images, documents, and HTTP payload artifacts out of flows without manual reconstruction.

Quick previews confirm whether a capture contains useful artifacts before deeper manual analysis.

Find credential exposure

Scan for plaintext credentials and auth material across HTTP Basic, FTP, Telnet, NTLM, Kerberos, LDAP, and database protocols.

Wireless artifact review

Extract SSIDs, probe requests, and handshake artifacts from wireless captures for RF-focused investigations.

Spot triage-worthy events

Highlight scans, insecure credential use, and anomalies so analysts start with signal, not noise.

See full feature list →

Frequently asked questions

Privacy, formats, and how public analysis differs from private workspaces.

Analyze your first PCAP in under a minute.

Free for sanitized captures. Private workspaces for incident data and anything that should not be public.

Upload PCAP free