PacketSense
Product

One investigation surface, built on the packet.

PacketSense brings import, inspection, prioritization, investigation, and reporting into a single local-first workflow — so evidence moves forward without losing packet-level traceability.

Workflow

From raw capture to evidence-backed finding.

Five stages, one continuous model — each step keeps the underlying packets inspectable.

01

Import evidence

Bring in packets from wherever the evidence lives.

  • PCAP / PCAPNG files
  • Live capture from interfaces
  • Text captures, FortiGate logs, hex dumps
02

Normalize & inspect

Every source becomes one inspectable packet model.

  • Packet log
  • Protocol tree
  • Filters
  • Packet details
03

Prioritize

See what deserves attention first.

  • Anomalies
  • TCP / TLS issues
  • Top talkers
  • Threat context
04

Investigate

Move from a signal to a conclusion you can defend.

  • Stream content
  • Flow sequence
  • Timeline
  • Guided diagnosis
  • Local Analyst Assistant
05

Package

Turn evidence into something you can hand off.

  • Reports
  • CSV / PCAP slices
  • Evidence-backed summaries
Packet Log

Filter, inspect, and classify — without leaving the frame.

A professional packet log with protocol categorization, packet details, packet bytes, right-click context actions, and follow-stream navigation built for analyst speed.

PacketSense
tls.handshake || tcp.flags.reset==1
No.  Time  Source  Dest  Proto  Len

Packet details · frame 218

  • Frame 218: 583 bytes on wire (4664 bits)

    • Arrival Time: Jun 12, 2026 09:41:03.199402
    • Frame Length: 583 bytes
    • Protocols in frame: eth:ethertype:ip:tcp:tls
  • Internet Protocol Version 4, Src: 198.51.100.24, Dst: 192.0.2.44

    • Time to Live: 64
    • Protocol: TCP (6)
    • Header Checksum: 0x0000 [validation disabled]
  • Transport Layer Security

    • TLSv1.3 Record Layer: Handshake Protocol: Client Hello
    • Version: TLS 1.2 (0x0303)
    • Extension: server_name (SNI=telemetry-edge.example)

Packet bytes

0000  45 00 02 47 1c 42 40 00 40 06 00 00 c6 33 64 18
0010  c0 00 02 2c c3 ca 01 bb 6b 2f a1 04 00 00 00 00
0020  b0 02 fa f0 4f 21 00 00 02 04 05 b4 01 03 03 08
0030  16 03 01 02 12 01 00 02 0e 03 03 5f a1 c8 2b 74
Follow TCP stream

client → server

GET /collect?id=8831 HTTP/1.1
Host: telemetry-edge.example
User-Agent: netcollect/2.4
Accept: */*

server → client

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 42

{"status":"ok","next":180,"id":"8831"}
Remaining application data is TLS-encrypted and can't be reconstructed from this capture. PacketSense shows what the evidence supports and stops there — no guesses.
Stream Content

Reconstruct conversations — and be honest about the gaps.

PacketSense rebuilds HTTP/TCP/UDP-style conversations where the capture supports it, and explains gracefully when a stream can't be reconstructed. It shows what the evidence supports and stops there.

Local Analyst Assistant · runs on-device · cites packet evidence

This capture shows a workstation resolving and briefly contacting an unknown host. Two signals are worth reviewing:

  1. Failed handshakes to 192.0.2.71:9099

    5 SYN attempts, no completed TCP handshake — a RST arrives from an unexpected source port. Consistent with a blocked or dead service.

    → frames 221, 222

  2. NXDOMAIN lookup: c2-beacon.example

    A non-cached DNS query for a suspicious name returned NXDOMAIN. No follow-on connection was observed in this capture.

    → frames 223, 224

Suggested next steps

  • Follow the TCP stream to 192.0.2.71 and confirm the reset origin.
  • Check whether c2-beacon.example appears in signed intelligence bundles.
Local Analyst Assistant

Guidance that always cites the packet.

The Local Analyst Assistant summarizes capture evidence, surfaces investigation patterns, suggests next steps, and links every conclusion back to specific frames — so analysts can validate, not just trust.

Capabilities

Everything the investigation needs.

Each capability preserves packet-level traceability, so findings stay defensible from first triage to final report.

Packet Log

A professional packet log built for analyst navigation — filter, inspect, and classify without losing the raw frame.

  • Filtering & protocol categorization
  • Packet details & packet bytes
  • Right-click context actions
  • Follow-stream navigation

Stream Content

Reconstruct HTTP/TCP/UDP-style conversations where the capture supports it — and explain gracefully when a stream can't be rebuilt.

  • Follow-stream reconstruction
  • Request/response context
  • Honest gaps, not guesses

Text Capture Import

Turn text-based evidence into analyzable capture data — FortiGate-style logs, hex dumps, and text packet data.

  • FortiGate-style log import
  • Hex-dump conversion
  • Text-to-capture normalization

Local Analyst Assistant

A local assistant that summarizes capture evidence, suggests next steps, and creates actionable drilldowns — always linked back to packets.

  • Evidence summaries
  • Follow-up questions
  • Guided drilldowns & next steps

Threat Hunting

Surface what's worth a closer look — anomaly summaries, local rules, and threat-intelligence enrichment where configured.

  • Anomaly summaries
  • Local rules
  • Threat-intel enrichment where enabled

TLS / Security

Understand the security posture of a capture with TLS visibility, handshake context, and clear warning surfaces.

  • TLS handshake visibility
  • Security context
  • Warning surfaces

Network Intelligence

See who's talking to whom — top talkers, geolocation-style summaries where the data exists, and topology-style context.

  • Top talkers
  • Geolocation-style summaries
  • Topology-style context

Reports & Exports

Share investigation findings without losing packet-level traceability — reports plus CSV/PCAP slices.

  • Evidence-backed reports
  • CSV / PCAP slices
  • Traceable findings

Enterprise Controls

Governance for teams that handle sensitive evidence — seats, admin-only controls, policy, and cloud-AI governance.

  • Seat & device management
  • Admin-only controls
  • Local-only mode & AI policy

Bring PacketSense into your investigation workflow.

Request pilot access and evaluate the full local workflow — PCAP and text import, live capture, the Local Analyst Assistant, threat hunting, and reports.