How to capture packets

There are various ways to capture packets. Depending on your situation, you might prefer one or another.

Currently, you cannot use the packet analyzer to capture network traffic. It is only possible to upload files that were captured by other means. This page describes some of the ways to capture network packets.

As a general resource about capturing, we recommend the Network Capture Playbook by Jasper

Dumpcap (cross-platform)

Dumpcap is a tool that is installed alongside Wireshark and provides a performant and flexible way to capture packets. Use this tool especially for troubleshooting sporadic network problems that require long-term captures.
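
One way to set up such a long-term capture is dumpcap's ring buffer, sized to a fixed disk budget. The script below is an added example, not part of the original page; the function names, the interface eth0, the directory /var/cap, the sizes and the capture filter are assumptions.

```shell
#!/bin/sh
# Added example: bounded long-term capture with dumpcap's ring buffer.
# eth0, /var/cap and the sizes used below are constructed sample values.

# ring_args BUDGET_MB FILE_MB
# Prints the ring-buffer options that keep total disk use within BUDGET_MB.
ring_args() {
    for n in "$1" "$2"; do
        case "$n" in
            ''|0*|*[!0-9]*)
                echo "sizes must be positive integers (MB)" >&2; return 1 ;;
        esac
    done
    files=$(( $1 / $2 ))
    if [ "$files" -lt 2 ]; then
        echo "budget must hold at least 2 files" >&2; return 1
    fi
    # dumpcap takes filesize in kB; the oldest file is overwritten
    # once 'files' files exist.
    echo "-b filesize:$(( $2 * 1000 )) -b files:$files"
}

# capture_ring print|run IFACE OUTDIR BUDGET_MB FILE_MB [CAPTURE_FILTER]
capture_ring() {
    mode=$1; iface=$2; outdir=$3; filter=${6:-}
    ring=$(ring_args "$4" "$5") || return 1
    # $ring is deliberately unquoted so it splits into four arguments.
    set -- dumpcap -i "$iface" $ring -w "$outdir/trace.pcapng"
    if [ -n "$filter" ]; then set -- "$@" -f "$filter"; fi
    if [ "$mode" = print ]; then echo "$*"; return 0; fi
    # Captures contain sensitive traffic: keep the files owner-only.
    umask 077
    mkdir -p "$outdir" && exec "$@"
}

# Usage: sh capture.sh print eth0 /var/cap 2000 100 'host 192.0.2.10'
if [ "$#" -ge 5 ]; then capture_ring "$@"; fi
```

In ring-buffer mode dumpcap adds a sequence number and timestamp to each file name, so the file covering the time of a sporadic fault can be picked out and uploaded on its own.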

Wireshark (cross-platform)

Wireshark is a UI-based tool that can also perform network captures. Because it comes with a UI, it uses more resources than a command-line tool like dumpcap.

TCPdump (cross-platform)

TCPdump is an alternative to dumpcap.

Packet Monitor (Windows)

https://docs.microsoft.com/en-us/windows-server/networking/technologies/pktmon/pktmon