PacketTotal is an online engine for analyzing .pcap files, and visualizing the network traffic within. The engine is built with the InfoSec community in mind, and has applications within malware analysis and incident response. PacketTotal leverages features of Bro and Suricata to flag malicious/suspicious traffic, display detailed protocol information, and extract artifacts found inside the packet capture.
Being able to search for indicators within the archive was an important goal of this project. The engine uses Elasticsearch for index and search operations. This allows the archive to be searched using a single indicator or a complex Lucene query.
Quickly gain insights into the threats, connections, and protocols encapsulated inside your packet capture. Download artifacts extracted from your packet capture and deep dive into results with extended tools.
Chronologically reconstruct packet captures to visualize the duration and frequency of connections.
Visualize general connection information as well as protocol-level metrics. Drill down into results to understand what information is relevant to your analysis.