Analysis takes around 15 seconds per packet-capture. I implement a queue-based, distributed processing model, so the time you actually wait depends on the number of captures queued ahead of yours. Under high load, packet-captures take 2-3 minutes on average to be queued and analyzed.
PacketTotal presents information at a higher level than tools such as Wireshark. When I built this tool I was less concerned with duplicating the functionality of those tools and more with automating the extraction of information that would be useful to security analysts and researchers. On top of extracting information that helps you quickly understand the scope of a security incident or how a particular piece of malware communicates, PacketTotal:
Currently, you are limited to 50MB packet-captures; anything larger and the processing nodes have trouble analyzing the capture in a reasonable amount of time. I also use server-side content inspection of packet-captures to validate that they can be processed by the processing nodes. Some .pcapng files fall outside these criteria. If you receive an error, simply re-open the packet-capture in a tool like Wireshark and save it as a standard .pcap file.
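As an added example (not PacketTotal's own validation code), the following Python pre-upload check mirrors the criteria above: it rejects files over 50MB, flags pcapng by its Section Header Block magic, and accepts only classic libpcap global headers. The verdict messages and the version check are assumptions, and the sample captures are constructed inline.

```python
import struct

MAX_UPLOAD_BYTES = 50 * 1024 * 1024          # the 50MB limit stated in the FAQ

# Classic libpcap global-header magic numbers (first 4 bytes of the file),
# mapped to the format name and the struct byte-order prefix to read the rest.
PCAP_MAGICS = {
    b"\xa1\xb2\xc3\xd4": ("pcap", ">"),      # big-endian, microsecond timestamps
    b"\xd4\xc3\xb2\xa1": ("pcap", "<"),      # little-endian, microsecond timestamps
    b"\xa1\xb2\x3c\x4d": ("pcap", ">"),      # big-endian, nanosecond timestamps
    b"\x4d\x3c\xb2\xa1": ("pcap", "<"),      # little-endian, nanosecond timestamps
}
PCAPNG_MAGIC = b"\x0a\x0d\x0d\x0a"           # pcapng Section Header Block type


def classify_capture(data: bytes) -> dict:
    """Return a verdict describing whether `data` looks like an upload the
    processing nodes accept: a classic libpcap file of at most 50MB."""
    verdict = {"format": "unknown", "ok": False, "reason": ""}
    if len(data) > MAX_UPLOAD_BYTES:
        verdict["reason"] = "capture exceeds the 50MB limit"
        return verdict
    if len(data) < 24:
        verdict["reason"] = "file shorter than a libpcap global header"
        return verdict
    magic = data[:4]
    if magic == PCAPNG_MAGIC:
        verdict["format"] = "pcapng"
        verdict["reason"] = "pcapng detected; re-save as a standard .pcap in Wireshark"
        return verdict
    if magic not in PCAP_MAGICS:
        verdict["reason"] = "not a libpcap or pcapng file"
        return verdict
    fmt, endian = PCAP_MAGICS[magic]
    # Global header after the magic: major, minor, thiszone, sigfigs, snaplen, linktype
    major, minor, _tz, _sig, snaplen, linktype = struct.unpack(endian + "HHiIII", data[4:24])
    verdict.update(format=fmt, version=f"{major}.{minor}", snaplen=snaplen, linktype=linktype)
    if major != 2:                           # assumption: only libpcap 2.x is accepted
        verdict["reason"] = f"unexpected libpcap version {major}.{minor}"
        return verdict
    verdict["ok"] = True
    return verdict


# Constructed samples: a little-endian libpcap 2.4 header (Ethernet link type)
# and a bare pcapng Section Header Block magic padded to header length.
PCAP_SAMPLE = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
PCAPNG_SAMPLE = PCAPNG_MAGIC + b"\x00" * 20
```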
Quite a few. The engine is 100% coded in Python and relies on a custom templating engine for page rendering. At the heart of the tool I use three amazing open-source technologies to facilitate analysis, retention, and searching.
This is a very legitimate use-case; however, one of the primary goals of this project was to allow open intel sharing of malicious packet-captures across the InfoSec community. I am working on a private API which I plan on making available in mid-2017. For the time being, simply use one of the numerous .pcap editing tools to redact any information you do not want shared prior to upload.
This software has been put through tens of thousands of automated tests; however, it is entirely possible something was missed. If you find a bug, please report it to email@example.com.