PCAP file filtering

CapAnalysis provides a powerful set of filters for quick analysis. The filters are:

  • Filter elements: in flow data visualization
  • Filter files
  • Filter IP/Ports
  • Filter country
  • Filter data size
  • Filter protocols
  • Filter date and time

Here we describe just some of the filters' features. For the next examples we used the PCAP hptcp.pcap (from the Capture the hacker 2013 competition). Starting with the “date and time” filter, the CapAnalysis “Per Hour” page displays the data:

Without filter

From the figure we note that at 7am there is a peak of network traffic. Filtering the dataset to 7am makes it possible to investigate by analyzing only the flows that were present in that time window.

Filtered by time: 7am

Another example is identifying all the flows, UDP or TCP, where the data sent exceed the data received. In this case the filter used is “data size”.

Filtered by size: data sent > data received

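To show how the “date and time” and “data size” filters combine at flow level, here is an added Python example (not CapAnalysis code) that groups constructed packet records into bidirectional flows, builds the per-hour counts, and applies the 7am and "sent > received" criteria; the addresses, ports and sizes are made up for the example, not taken from hptcp.pcap.

```python
from collections import defaultdict
from datetime import datetime, timezone

# Constructed packets (not from hptcp.pcap): (epoch s, proto, src, sport, dst, dport, bytes)
T7 = int(datetime(2013, 3, 5, 7, 0, tzinfo=timezone.utc).timestamp())
PACKETS = [
    (T7 + 10, "TCP", "10.0.0.5", 40001, "192.0.2.10", 80, 300),        # HTTP request
    (T7 + 11, "TCP", "192.0.2.10", 80, "10.0.0.5", 40001, 1500),       # HTTP response
    (T7 + 12, "TCP", "192.0.2.10", 80, "10.0.0.5", 40001, 1500),
    (T7 + 30, "UDP", "10.0.0.5", 53001, "192.0.2.53", 53, 60),         # DNS query
    (T7 + 31, "UDP", "192.0.2.53", 53, "10.0.0.5", 53001, 120),        # DNS answer
    (T7 + 900, "TCP", "10.0.0.7", 40002, "198.51.100.9", 443, 900000), # large upload
    (T7 + 905, "TCP", "198.51.100.9", 443, "10.0.0.7", 40002, 200),
    (T7 + 3700, "TCP", "10.0.0.9", 40003, "192.0.2.10", 80, 100),      # 08:01, balanced
    (T7 + 3701, "TCP", "192.0.2.10", 80, "10.0.0.9", 40003, 100),
]

def build_flows(packets):
    """Group packets into bidirectional flows keyed by the initiator's 5-tuple.
    Bytes from the initiator count as 'sent', bytes back to it as 'received'."""
    flows = {}
    for ts, proto, src, sport, dst, dport, size in packets:
        fwd = (proto, src, sport, dst, dport)
        rev = (proto, dst, dport, src, sport)
        if fwd in flows:
            flows[fwd]["sent"] += size
        elif rev in flows:
            flows[rev]["received"] += size
        else:
            flows[fwd] = {"start": ts, "sent": size, "received": 0}
    return flows

def hour_of(ts):
    return datetime.fromtimestamp(ts, tz=timezone.utc).hour

def flows_per_hour(flows):
    """Equivalent of the 'Per Hour' view: number of flows starting in each hour."""
    counts = defaultdict(int)
    for f in flows.values():
        counts[hour_of(f["start"])] += 1
    return dict(counts)

def filter_by_hour(flows, hour):
    """'date and time' filter: keep only flows that started in the given hour (UTC)."""
    return {k: f for k, f in flows.items() if hour_of(f["start"]) == hour}

def filter_sent_gt_received(flows):
    """'data size' filter: keep flows where the initiator sent more than it received."""
    return {k: f for k, f in flows.items() if f["sent"] > f["received"]}
```

Chaining `filter_sent_gt_received(filter_by_hour(build_flows(PACKETS), 7))` leaves only the large upload flow, which is the kind of outlier the two filters are meant to surface.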
You can try these features for free by downloading CapAnalysis.