What Is It?

PacketTotal is an online engine for analyzing .pcap files and visualizing the network traffic they contain. The engine is built with the InfoSec community in mind and has applications in malware analysis and incident response. PacketTotal leverages features of Bro and Suricata to flag malicious or suspicious traffic, display detailed protocol information, and extract artifacts (transferred files) found inside the packet capture.

Being able to search for indicators within the archive was an important goal of this project. The engine uses Elasticsearch for index and search operations. This allows the archive to be searched using a single indicator or a complex Lucene query.

Before you start analyzing packet captures, remember that once analysis has started, the contents of the packet capture file become publicly accessible on the Internet. The tool is intended for packet captures generated within sandboxed environments, so that no potentially confidential information is exposed. It will, however, accept any .pcap or .pcapng file under 50MB, and nothing stops you from uploading a capture taken on a production network; if a capture did not come from a sandbox, check it for internal addresses, hostnames and plaintext credentials before uploading. Be sure to read the Privacy Policy to understand what type of information you will be sharing.
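A pre-upload check that turns the warning above into something you can run, added here as an example and not PacketTotal's own code: it confirms the file is a .pcap or .pcapng under 50MB (the limit stated above) and walks a classic libpcap file to list RFC1918/loopback addresses and plaintext HTTP Authorization headers that would become public on upload. The private-range list, the credential pattern and the embedded sample capture are constructed assumptions; pcapng is recognised by its magic number but not parsed.

```python
"""Pre-upload hygiene check for a packet capture (added example, not PacketTotal code).
From the page: uploads become public once analysis starts; files must be under 50MB.
Assumptions: the private-range list, the credential pattern, the constructed sample.
Only classic libpcap files carrying Ethernet frames are walked; pcapng is only detected."""
import ipaddress
import struct

MAX_UPLOAD_BYTES = 50 * 1024 * 1024          # page: "under 50MB"

# libpcap magic numbers -> struct byte-order prefix
PCAP_MAGICS = {
    b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",   # microsecond timestamps
    b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">",   # nanosecond timestamps
}
PCAPNG_MAGIC = b"\x0a\x0d\x0d\x0a"            # pcapng Section Header Block type

# Assumption: ranges that should never appear in a capture from a sandbox
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
                 "127.0.0.0/8", "169.254.0.0/16")]


def classify(data):
    """Return 'pcap', 'pcapng' or None based on the first four bytes."""
    if data[:4] in PCAP_MAGICS:
        return "pcap"
    if data[:4] == PCAPNG_MAGIC:
        return "pcapng"
    return None


def iter_packets(data):
    """Yield (linktype, frame_bytes) from a classic libpcap file."""
    endian = PCAP_MAGICS[data[:4]]
    # global header: magic, ver_major, ver_minor, thiszone, sigfigs, snaplen, linktype
    linktype = struct.unpack(endian + "IHHiIII", data[:24])[6]
    off = 24
    while off + 16 <= len(data):
        _sec, _frac, incl_len, _orig = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        yield linktype, data[off:off + incl_len]
        off += incl_len


def parse_ipv4_tcp(frame):
    """Return (src, dst, tcp_payload) for an Ethernet/IPv4 frame, else None.
    Non-TCP packets come back with an empty payload."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":    # EtherType IPv4
        return None
    ihl = (frame[14] & 0x0F) * 4
    if frame[14] >> 4 != 4 or ihl < 20:
        return None
    src = ipaddress.IPv4Address(frame[26:30])              # fixed offsets inside IP header
    dst = ipaddress.IPv4Address(frame[30:34])
    if frame[14 + 9] != 6:                                 # IP protocol 6 = TCP
        return src, dst, b""
    tcp = frame[14 + ihl:]
    if len(tcp) < 20:
        return src, dst, b""
    return src, dst, tcp[(tcp[12] >> 4) * 4:]              # skip TCP header by data offset


def check_capture(data):
    """Summarise what would become public if this file were uploaded."""
    report = {"format": classify(data), "size_ok": len(data) < MAX_UPLOAD_BYTES,
              "private_hosts": set(), "credential_hits": 0}
    if report["format"] == "pcap":
        for linktype, frame in iter_packets(data):
            if linktype != 1:                              # LINKTYPE_ETHERNET only
                continue
            parsed = parse_ipv4_tcp(frame)
            if parsed is None:
                continue
            src, dst, payload = parsed
            for addr in (src, dst):
                if any(addr in net for net in PRIVATE_NETS):
                    report["private_hosts"].add(str(addr))
            if b"authorization:" in payload.lower():       # plaintext HTTP credentials
                report["credential_hits"] += 1
    report["safe_to_upload"] = (report["format"] is not None and report["size_ok"]
                                and not report["private_hosts"]
                                and report["credential_hits"] == 0)
    return report


# --- constructed sample capture (not real traffic) -------------------------------
def _tcp_frame(src, dst, payload):
    """Ethernet/IPv4/TCP frame with zeroed MACs and checksums; enough for the parser."""
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 0, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp


def sample_capture():
    """Little-endian libpcap file: one leaky request from an RFC1918 host, one clean one."""
    frames = [
        _tcp_frame("10.0.0.5", "203.0.113.10",
                   b"GET /secret HTTP/1.1\r\nHost: intranet.example\r\n"
                   b"Authorization: Basic dXNlcjpwYXNz\r\n\r\n"),
        _tcp_frame("198.51.100.7", "203.0.113.9",
                   b"GET / HTTP/1.1\r\nHost: www.example\r\n\r\n"),
    ]
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)]   # linktype 1 = Ethernet
    for i, f in enumerate(frames):
        out.append(struct.pack("<IIII", 1_600_000_000 + i, 0, len(f), len(f)))
        out.append(f)
    return b"".join(out)


if __name__ == "__main__":
    print(check_capture(sample_capture()))
```

Run it against a real file with `check_capture(open(path, "rb").read())`; a non-empty `private_hosts` or a non-zero `credential_hits` means the capture needs sanitising (or simply should stay on your disk) before it is handed to a public analysis service.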

Quickly gain insight into the threats, connections, and protocols encapsulated in your packet capture. Download the artifacts extracted from it and deep-dive into the results with extended tools.


Chronologically reconstruct packet captures to visualize the duration and frequency of connections.


Visualize general connection information as well as protocol-level metrics. Drill down into the results to understand which information is relevant to your analysis.