What is PacketTotal Labs?

PacketTotal Labs is an area of the site where the team can share cool projects that are still undergoing development and testing. Given the immense amount of data on the site many of these projects focus around data analysis, machine learning, and creative ways of gathering qualitative and quantitative categorizers. Due to the complexity of these problems, tools hosted on this section of the site rely on a much more robust serverless backend for distributed tasking. A list of projects is listed below.


  • [10/22/2018] Bulk IOC Search allows you to search as many as 100 Indicators of Compromise (IOCS) at once, returning links to relevant captures. These IOCS can be URLs, domains, hashes, IP addresses, or some other value. This tool uses a serverless backend to execute distributed searches.


  • [10/26/2018] Packet Capture Glyphing algorithm. At a glance you can determine roughly how many sessions occurred in the capture, and whether they are TCP, UDP, or ICMP. More information about reading Capture Glyphs can be found here.

  • [10/18/2018] We're working with Stratosphereips.org to ingest several hundred GB of botnet packet captures. Analysis queues may be a bit backed up over the next few weeks. Search by keyword www.stratosphereips.org to view those uploaded so far. Tons of Kelihos Traffic!

  • [10/03/2018] Packet Capture tagging is live! You can now tag your captures on the site with various keywords and link them to articles and writeups. Get started with a random malicious PCAP.