Upload a pcap or basic pcapng capture to inspect packet-level activity without leaving the browser workflow. The tool extracts packet summaries, protocol counts, top IPs, top ports, simple sessions, and a coarse packet timeline.
What the tool can currently detect:
- Ethernet frames carrying IPv4
- TCP and UDP transport packets
- Simple HTTP request/response detection from TCP payload prefixes
- Basic DNS detection on port 53 with question-name extraction
- Session grouping by protocol + source/destination IP and port tuple
How to fill the fields:
- PCAP File: upload a .pcap file, or a basic .pcapng file with Ethernet packets
- Protocol Filter: narrow the report to all packets, or only TCP, UDP, HTTP, or DNS summaries
- IP Filter: optionally focus on traffic involving one IPv4 address
- Export Format: choose JSON or CSV for the filtered packet summaries shown in the report
How to read the report:
- Packets is the number of packets after filtering
- Protocols is the number of distinct detected protocol labels in the filtered view
- Sessions counts grouped flows based on protocol and endpoint tuple
- Top IPs and Top ports show the busiest addresses and ports
- Timeline groups packets by second so bursts are easy to spot
- Export preview shows the same filtered records in JSON or CSV form for copy/export workflows
Current scope and limits:
- Focuses on Ethernet + IPv4 captures
- Does not fully decode TLS, IPv6, ARP, ICMP, reassembly, or deep application payloads
- pcapng support is practical but intentionally basic
- This is meant for fast triage and summary analysis rather than a Wireshark replacement