Packet Log
A professional packet log built for analyst navigation — filter, inspect, and classify without losing the raw frame.
- Filtering & protocol categorization
- Packet details & packet bytes
- Right-click context actions
- Follow-stream navigation
PacketSense turns PCAP files, live captures, and text-based packet evidence into structured findings, stream views, threat context, reports, and guided investigation — while keeping raw captures local by default.
Protocol distribution
SYN retries to 192.0.2.71:9099 · NXDOMAIN beacon lookup
Workstation contacted an unknown host and failed to complete the handshake. → frames 221–224
Captures contain the truth, but that truth is often buried in raw rows, flags, ports, timings, streams, and protocol details. PacketSense keeps packet evidence inspectable while adding the structure analysts need to move faster.
Captures hold the truth, but it's buried in rows, flags, ports, timings, streams, and protocol details.
Packet tables are unforgiving. Newer analysts spend hours where the signal is minutes away.
Experienced engineers need deterministic, inspectable evidence — not a black box that says 'trust me'.
Plenty of captures simply cannot be uploaded to a cloud tool. The workflow has to run locally.
Traditional triage jumps between tools, scripts, notes, screenshots, and reports — losing traceability.
One workflow, five stages — import, normalize, prioritize, investigate, and package — so evidence moves forward without jumping between disconnected tools.
- Import: Bring in packets from wherever the evidence lives.
- Normalize: Every source becomes one inspectable packet model.
- Prioritize: See what deserves attention first.
- Investigate: Move from a signal to a conclusion you can defend.
- Package: Turn evidence into something you can hand off.
Every capability keeps packet-level traceability — so findings stay defensible from first triage to final report.
Reconstruct HTTP/TCP/UDP-style conversations where the capture supports it — and explain gracefully when a stream can't be rebuilt.
Turn text-based evidence into analyzable capture data — FortiGate-style logs, hex dumps, and text packet data.
A local assistant that summarizes capture evidence, suggests next steps, and creates actionable drilldowns — always linked back to packets.
Surface what's worth a closer look — anomaly summaries, local rules, and threat-intelligence enrichment where configured.
Understand the security posture of a capture with TLS visibility, handshake context, and clear warning surfaces.
See who's talking to whom — top talkers, geolocation-style summaries where the data exists, and topology-style context.
Share investigation findings without losing packet-level traceability — reports plus CSV/PCAP slices.
Governance for teams that handle sensitive evidence — seats, admin-only controls, policy, and cloud-AI governance.
Senior analysts need deterministic, inspectable evidence — and juniors need a way in that doesn't start with a wall of raw rows. PacketSense gives you both.
Packet details · frame 218
▸ Frame 218: 583 bytes on wire (4664 bits)
▸ Internet Protocol Version 4, Src: 198.51.100.24, Dst: 192.0.2.44
▸ Transport Layer Security
Packet bytes
Sensitive captures should not need to leave the analyst's machine just to get useful answers. PacketSense is designed for local analysis first, with enterprise policy controlling optional cloud workflows.
- PacketSense app: Where analysis happens
- Captures & reports: Stored locally, by you
Your raw captures never leave this boundary. Analysis runs on your machine.
Confirms your license is active. No capture data is uploaded.
Keeps detections current, verified before use — your captures stay put.
Stays off unless an enterprise explicitly enables and approves it.
This capture shows a workstation resolving and briefly contacting an unknown host. Two signals are worth reviewing:
5 SYN attempts, no completed TCP handshake — a RST arrives from an unexpected source port. Consistent with a blocked or dead service.
→ frames 221, 222
A non-cached DNS query for a suspicious name returned NXDOMAIN. No follow-on connection was observed in this capture.
→ frames 223, 224
Suggested next steps
The Local Analyst Assistant summarizes capture behavior, identifies investigation patterns, suggests next steps, and links back to packet-level evidence so analysts can validate every conclusion.
Enterprise controls let organizations manage seats, enforce local-only workflows, control cloud AI providers, and distribute signed intelligence updates without turning raw captures into cloud telemetry.
Policy controls
- Local-only mode: Block all remote export & cloud AI
- Allow cloud AI providers: Enterprise-approved providers only
- Detailed audit logging: Record analyst actions
- Signed intelligence updates: Verify bundle signatures before apply
Seat & device inventory
- soc-analyst-01 · macOS: Pro seat
- ir-lead-02 · Windows: Pro seat
- msp-field-07 · Linux: Individual seat
PacketSense is maturing across three horizons — a capable local-first investigation experience today, deeper enterprise workflows next, and broader deployment options later — while preserving the core promise that raw captures stay local.
Request pilot access and evaluate the full local workflow — PCAP and text import, live capture, the Local Analyst Assistant, threat hunting, and reports.