Network Packet Analyzer

Parse pcap and basic pcapng captures, surface protocol hierarchy and session statistics, and export filtered packet summaries

Upload a pcap or basic pcapng capture to inspect packet-level activity without leaving the browser workflow. The tool extracts packet summaries, protocol counts, top IPs, top ports, simple sessions, and a coarse packet timeline.

What the tool can currently detect:

  • Ethernet frames carrying IPv4
  • TCP and UDP transport packets
  • Simple HTTP request/response detection from TCP payload prefixes
  • Basic DNS detection on port 53 with question-name extraction
  • Session grouping by protocol + source/destination IP and port tuple
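The detection steps listed above, as an added Python sketch that is not the tool's own code. It handles classic .pcap only (no pcapng); the function names, the HTTP prefix list, UDP-only DNS matching, and the direction-independent session key are assumptions, and the sample capture is constructed from documentation-range addresses.

```python
import socket, struct

HTTP_PREFIXES = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"HTTP/1.")
PROTOS = {6: "TCP", 17: "UDP"}

def dns_qname(msg):
    """First question name of a DNS message, or None if truncated or compressed."""
    labels, i = [], 12                        # skip the 12-byte DNS header
    while i < len(msg) and 0 < msg[i] <= 63 and i + 1 + msg[i] <= len(msg):
        labels.append(msg[i + 1:i + 1 + msg[i]].decode("ascii", "replace"))
        i += 1 + msg[i]
    return ".".join(labels) if labels and msg[i:i + 1] == b"\x00" else None

def summarize(pcap):
    """Summaries of Ethernet+IPv4 TCP/UDP packets; KeyError if not a classic pcap."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}[pcap[:4]]
    out, off = [], 24                         # records follow the 24-byte global header
    while off + 16 <= len(pcap):
        ts, _, caplen, _ = struct.unpack(end + "IIII", pcap[off:off + 16])
        frame, off = pcap[off + 16:off + 16 + caplen], off + 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] not in PROTOS:
            continue                          # only IPv4 TCP/UDP over Ethernet
        proto, ihl = PROTOS[frame[23]], (frame[14] & 0x0F) * 4
        l4 = frame[14 + ihl:]
        if ihl < 20 or len(l4) < (20 if proto == "TCP" else 8):
            continue                          # malformed or truncated headers
        sport, dport = struct.unpack("!HH", l4[:4])
        data = l4[max(20, (l4[12] >> 4) * 4) if proto == "TCP" else 8:]
        src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
        is_dns = proto == "UDP" and 53 in (sport, dport)   # assumption: UDP only
        is_http = proto == "TCP" and data.startswith(HTTP_PREFIXES)
        # Assumption: both directions of a flow share one session key.
        session = (proto, *sorted([(src, sport), (dst, dport)]))
        out.append({"ts": ts, "label": "HTTP" if is_http else "DNS" if is_dns else proto,
                    "qname": dns_qname(data) if is_dns else None, "session": session})
    return out

def _frame(proto, src, dst, sport, dport, data):    # builds a constructed sample frame
    l4 = (struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x18, 0, 0, 0) if proto == 6
          else struct.pack("!HHHH", sport, dport, 8 + len(data), 0)) + data
    ip = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0)
    return b"\x00" * 12 + b"\x08\x00" + ip + socket.inet_aton(src) + socket.inet_aton(dst) + l4

QUERY = b"\x12\x34\x01\x00\x00\x01" + b"\x00" * 6 + b"\x07example\x04test\x00\x00\x01\x00\x01"
FRAMES = [_frame(17, "192.0.2.10", "192.0.2.53", 40000, 53, QUERY),
          _frame(6, "192.0.2.10", "198.51.100.7", 40001, 80, b"GET / HTTP/1.1\r\n\r\n"),
          _frame(6, "198.51.100.7", "192.0.2.10", 80, 40001, b"HTTP/1.1 200 OK\r\n\r\n")]
SAMPLE = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + b"".join(
    struct.pack("<IIII", 1700000000 + i, 0, len(f), len(f)) + f for i, f in enumerate(FRAMES))
```

Calling `summarize(SAMPLE)` returns three summaries: one DNS query with its question name and an HTTP request/response pair that share a single session key.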

How to fill the fields:

  • PCAP File: upload a .pcap file, or a basic .pcapng file with Ethernet packets
  • Protocol Filter: narrow the report to all packets, or only TCP, UDP, HTTP, or DNS summaries
  • IP Filter: optionally focus on traffic involving one IPv4 address
  • Export Format: choose JSON or CSV for the filtered packet summaries shown in the report

How to read the report:

  • Packets is the number of packets after filtering
  • Protocols is the number of distinct detected protocol labels in the filtered view
  • Sessions counts grouped flows based on protocol and endpoint tuple
  • Top IPs and Top ports show the busiest addresses and ports
  • Timeline groups packets by second so bursts are easy to spot
  • Export preview shows the same filtered records in JSON or CSV form for copy/export workflows

Current scope and limits:

  • Focuses on Ethernet + IPv4 captures
  • Does not fully decode TLS, IPv6, ARP, ICMP, reassembly, or deep application payloads
  • pcapng support is practical but intentionally basic
  • This is meant for fast triage and summary analysis rather than a Wireshark replacement

Example Results

Inspect a DNS-heavy packet capture

Rank the busiest IPs and ports, then export only the DNS summaries for further review.

Packet analysis report, input parameters:
{ "protocolFilter": "dns", "exportFormat": "json" }

Maximum file size: 30MB
Supported formats: application/octet-stream, application/vnd.tcpdump.pcap, application/*, .pcap, .pcapng

Key Facts

  • Category: Developer & Web
  • Input Types: file, select, text
  • Output Type: html
  • Sample Coverage: 4
  • API Ready: Yes

Overview

The Network Packet Analyzer is a browser-based utility designed for fast triage of .pcap and basic .pcapng capture files. It extracts packet summaries, protocol counts, top IPs, and session statistics without requiring heavy desktop software. Users can filter traffic by protocol or specific IPv4 addresses and export the resulting packet summaries as JSON or CSV for further analysis.

When to Use

  • When you need to quickly inspect a packet capture file without installing heavy desktop analysis software.
  • When isolating specific HTTP or DNS traffic from a noisy network capture to troubleshoot connectivity issues.
  • When extracting a list of top communicating IP addresses and ports to include in a security or network audit report.

How It Works

  • Upload a standard .pcap or basic .pcapng file containing Ethernet and IPv4 packets.
  • Select a protocol filter (TCP, UDP, HTTP, or DNS) and optionally enter a specific IPv4 address to narrow down the traffic.
  • Review the generated HTML report, which displays packet counts, top IPs, active ports, and a coarse timeline of network bursts.
  • Choose JSON or CSV as the export format to copy or download the filtered packet summaries for external use.

Use Cases

  • Triaging a suspicious network capture to identify the most active source and destination IP addresses.
  • Filtering a large capture file to extract only DNS queries and responses for domain resolution troubleshooting.
  • Converting raw packet capture summaries into a structured CSV or JSON format for ingestion into a custom dashboard.

Examples

1. Extracting DNS Queries from a Capture

System Administrator
Background: A server is experiencing intermittent resolution failures, and the admin has captured a brief network trace.
Problem: Need to quickly see which domains the server is trying to resolve without parsing the entire capture manually.
How to Use: Upload the capture file, set the Protocol Filter to 'DNS', and set the Export Format to 'JSON'.
Example Config:
  • Protocol Filter: DNS
  • Export Format: JSON
Outcome: The report filters out all non-DNS traffic, displaying the top queried domains and providing a JSON array of DNS packet summaries.

2. Isolating Traffic for a Specific Endpoint

Security Analyst
Background: An alert flagged a specific workstation (192.168.1.50) for unusual network behavior.
Problem: Need to isolate all packets involving this specific IP to see its communication peers and ports.
How to Use: Upload the .pcap file, leave the Protocol Filter on 'All', and enter '192.168.1.50' into the IP Filter field.
Example Config:
  • IP Filter: 192.168.1.50
  • Export Format: CSV
Outcome: The dashboard updates to show only sessions involving 192.168.1.50, revealing the top external IPs it communicated with, ready for CSV export.

FAQ

What file formats are supported?

The tool accepts standard .pcap files and basic .pcapng files containing Ethernet packets.

Can this tool decrypt TLS or HTTPS traffic?

No, the analyzer focuses on surface-level packet headers and basic unencrypted payloads like HTTP and DNS. It does not perform TLS decryption or deep application payload inspection.

Does it support IPv6 traffic?

Currently, the tool is optimized for Ethernet frames carrying IPv4 traffic. IPv6, ARP, and ICMP packets are not fully decoded.

How does the timeline feature work?

The timeline groups packets by the second, allowing you to easily spot sudden bursts of network traffic or identify periods of inactivity.

Can I export the filtered packet data?

Yes, you can export the filtered packet summaries in either JSON or CSV format for use in other reporting or analysis tools.

API Documentation

Request Endpoint

POST /en/api/tools/network-packet-analyzer

Request Parameters

| Parameter Name | Type | Required | Description |
|---|---|---|---|
| packetFile | file (upload required) | Yes | - |
| protocolFilter | select | No | - |
| ipFilter | text | No | - |
| exportFormat | select | No | - |

File parameters must be uploaded first via POST /upload/network-packet-analyzer to obtain a filePath; then pass that filePath as the value of the corresponding file field.

Response Format

{
  "result": "Processed HTML content",
  "error": "Error message (optional)",
  "message": "Notification message (optional)",
  "metadata": { "key": "value" }
}

AI MCP Documentation

Add this tool to your MCP server configuration:

{
  "mcpServers": {
    "elysiatools-network-packet-analyzer": {
      "name": "network-packet-analyzer",
      "description": "Parse pcap and basic pcapng captures, surface protocol hierarchy and session statistics, and export filtered packet summaries",
      "baseUrl": "https://elysiatools.com/mcp/sse?toolId=network-packet-analyzer",
      "command": "",
      "args": [],
      "env": {},
      "isActive": true,
      "type": "sse"
    }
  }
}

You can chain multiple tools in one URL, for example `https://elysiatools.com/mcp/sse?toolId=png-to-webp,jpg-to-webp,gif-to-webp` (maximum 20 tools).

File parameters accept either a URL link to the file or Base64-encoded content.

If you encounter any issues, please contact us at [email protected]