Your Wireshark-Package Analyser and Manager

Analyse your packets quickly and in a structured way with our Wireshark-Package-Analyser.


Features

Fast packet analysis

Rapid and efficient analysis of network packets

Structured traffic overview

Clear visualization of network traffic

Suspicious traffic detection

Automatic detection of suspicious activities

IP intelligence

WHOIS and advanced IP information

Network Flow Visualization

1. 📤 PCAP File: Upload to R2
2. 🔍 Packet Parsing: Extract Packets
3. ☁️ Cloud Provider: Range Check
4. 🌐 ASN Lookup: Team Cymru
5. Trusted IPs: Database Check
6. ⚠️ Suspicious Detection: Traffic Analysis
7. 📊 Analysis Report: Final Results

How Our File Processing System Works

1. Direct R2 Upload

When you upload a packet capture file, it is directly uploaded to Cloudflare R2 storage using a secure presigned URL.

2. Framework Processing

Once uploaded to R2, our framework streams the file directly from R2 storage for analysis. The file is processed as a stream and is never fully loaded into RAM, which lets us handle files up to 1.5 GB efficiently.

3. Automatic Deletion

Immediately after analysis is complete, the file is automatically deleted from R2 storage. Only the analysis results (statistics, IP information, suspicious traffic reports) are stored in our PostgreSQL database. No packet data is permanently stored.

Privacy Guarantee: Your packet files are processed ephemerally and automatically deleted. Only metadata and analysis results are stored temporarily for your session.

How Our IP Intelligence System Works

1. IP Classification

Every IP address is first classified into categories:

  • Public: Routable internet addresses
  • Private: RFC 1918 addresses (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16)
  • Local/Loopback: 127.0.0.0/8, link-local, multicast ranges

2. Trusted IP Lists

We maintain comprehensive trusted IP ranges from major cloud providers:

  • Google Cloud Platform: Official IP ranges automatically loaded
  • Cloudflare: CDN and DNS resolver IPs
  • Amazon Web Services (AWS): EC2, S3, and service IPs
  • Microsoft Azure: Cloud service IP ranges
  • Fastly: CDN network IPs

These lists are automatically updated and cached for performance.

3. ASN-Based Lookup

For public IPs not in known cloud ranges, we use DNS-based ASN lookup (Team Cymru):

  • Fast, reliable ASN identification without WHOIS
  • Organization name resolution
  • Country and network information

4. Suspicious Traffic Detection

Traffic is analyzed using behavioral heuristics:

  • Port Scanning: Sequential port access patterns
  • High Packet Rate: Unusually high traffic volume
  • Multiple Targets: Scanning multiple IPs/ports
  • Unusual Ports: Accessing non-standard ports
  • Repeated Failures: Multiple failed connection attempts

Important: Trusted IPs (cloud providers, known services) are automatically excluded from suspicious traffic flags, even if they show high activity.

Note: This system uses rule-based analysis, not machine learning. All IP classification and suspicious traffic detection is deterministic and transparent. No packet data is stored permanently—everything is processed in memory only.
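A sketch of steps 1 to 3 above as deterministic rules, added here as an example and not the service's own code. The function names, the single `SAMPLE_TRUSTED` range and the `SAMPLE_TXT` answer are assumptions constructed for illustration; the query name and record layout follow Team Cymru's DNS-based IP-to-ASN service, and no network access is made.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Constructed stand-in for the provider feeds (assumption, not the service's list).
SAMPLE_TRUSTED = {"Cloudflare": [ipaddress.ip_network("104.16.0.0/13")]}
# Constructed TXT answer in the Team Cymru origin-record format.
SAMPLE_TXT = '"23028 | 216.90.108.0/24 | US | arin | 1998-09-25"'

def classify(ip):
    """Return 'local', 'private' or 'public' using the three categories above."""
    addr = ipaddress.ip_address(ip)
    if addr.is_loopback or addr.is_link_local or addr.is_multicast:
        return "local"
    if addr.version == 4 and any(addr in net for net in RFC1918):
        return "private"
    return "public"

def trusted_provider(ip, trusted=SAMPLE_TRUSTED):
    """Return the provider whose range contains ip, or None."""
    addr = ipaddress.ip_address(ip)
    for name, nets in trusted.items():
        if any(addr.version == net.version and addr in net for net in nets):
            return name
    return None

def cymru_origin_qname(ip):
    """DNS name whose TXT record carries the origin ASN for ip."""
    addr = ipaddress.ip_address(ip)
    labels = addr.reverse_pointer.split(".")[:-2]  # drop in-addr.arpa / ip6.arpa
    zone = "origin.asn.cymru.com" if addr.version == 4 else "origin6.asn.cymru.com"
    return ".".join(labels + [zone])

def parse_cymru_txt(txt):
    """Parse 'ASN | prefix | CC | registry | allocated' from an origin TXT answer."""
    fields = [f.strip() for f in txt.strip('"').split("|")]
    if len(fields) < 5:
        raise ValueError(f"unexpected origin record: {txt!r}")
    asns, prefix, cc, registry, allocated = fields[:5]
    # The first field can list several origin ASNs separated by spaces.
    return {"asns": [int(a) for a in asns.split()], "prefix": prefix,
            "country": cc, "registry": registry, "allocated": allocated}

def triage(ip):
    """Decide the next step for one address, in the order described above."""
    kind = classify(ip)
    if kind != "public":
        return (kind, None)
    provider = trusted_provider(ip)
    if provider:
        return ("trusted", provider)  # excluded from suspicious-traffic flags
    return ("asn-lookup", cymru_origin_qname(ip))
```

Only addresses that come back as `asn-lookup` need a DNS query; the returned name is resolved as a TXT record and the answer passed to `parse_cymru_txt`.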

Ready to Analyze?

Upload your PCAP or PCAPNG file and get detailed insights into your network traffic.
