Getting Started

Introduction Registration Capture PCAPs Anonymize PCAPs Upload Feature comparision

PCAP Browser

Overview Search Mass Actions Basic Information Connection view Comments Tags DNS View Indices Capture Point Visualization

Indexing

Defaut Indexer Reindexing Settings

Analyze

Overview Packet List Filter Bar Decode Hex View Explain Field Edit PCAP Graph View Statistics Decryption

Settings

Overview Profile Indexer Roles Tags

Account Management

Profile Deletion

Help

Application errors

Encyclopedia

Initial Round Trip Time Server Name Indication Packet Slicing PCAPng

Analysis View Overview

The analysis view shows the content of a single PCAP

The view is normally composed of the following parts

In the following screenshot an analysis filter has been applied and just a subset of the packets within the PCAP is shown in the packet list.

Analysis View

Analyze Actions

The actions menu of the analysis view gives you quick actions to change the view of the trace files and a quick access to change certain profile parameters.

Analysis Action Menu

  • decode as
  • copy link (copy permalink to the trace file)
  • edit analysis
  • edit profile
  • autosize columns
  • save special packets
  • stream filter
  • packet info
  • packet coloring
  • dark mode
  • profile selection
  • view selection

Decode As

The decode as actions allows you to overwrite the decoding behaviour. It is sometimes necessary that the analyst guides the tool to decode a certain protocol that is not recognized. Common examples are protocols that work on non well-knonw ports like ftp-data , rtp or http on a high port.

Decode As

For example with this trace the unknown UDP protocol on port 18388 can be decoded

Decode As Unknown UDP

The packets are then decoded correctly as RTP

Decode As Unknown UDP

Dark Mode

Dark Mode

On this page