Red Hand Analyzer

Free Security Analysis of PCAP Files

Upload a PCAP file and get a FREE automated analysis of the network traffic inside, to discover malicious activity, security weaknesses and other findings worth a closer look.


Online Packet Capture (PCAP) Analysis

Key Features

Red Hand Analyzer runs your PCAP file through an automated behavior analysis model to identify network patterns commonly associated with attacker techniques, patterns that signature-based detection engines often miss.


Behaviors, Not Signatures

Instead of relying on easily altered signatures, we perform behavioral analysis to detect the techniques used for initial access, reconnaissance, command and control of malware, and data exfiltration.


Integrated Threat Intelligence

We check every IP address and domain name in your PCAP, including the names inside DNS queries, against a constantly updated database of millions of known malicious addresses.


Maintain Data Privacy

We can detect a wide range of malicious activity from connection patterns, protocol metadata and DNS without decrypting your network traffic, so TLS and other encrypted payloads in your capture stay encrypted and are never read by us. Keep in mind that anything sent in cleartext (HTTP, DNS, unencrypted mail or file transfers) is readable by whoever holds the PCAP, so review a capture for sensitive plaintext before uploading it.


About PCAP Files

PCAP files (Packet Capture files) are raw recordings of network traffic: for every packet seen by the capturing interface during a capture session they store a timestamp, the packet's length on the wire, and the packet bytes themselves (up to the configured snapshot length). They show who communicated with whom, which protocols were used, what was transmitted, and when, giving a complete record of the network activity visible to the capturing interface.
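As an added example (this is not Red Hand Analyzer's code), here is a minimal reader for classic pcap files, the format tcpdump writes (the PcapNG that pktmon produces needs a different reader and is rejected). It pulls out what the threat-intelligence check described above needs, the IPv4 addresses and the names in DNS questions, matches them against blocklists, and counts packets whose stored length is shorter than their on-wire length, which is how you confirm a capture was made with a full snapshot length before uploading it. The capture, the addresses and the blocklists are constructed inside the block and are not real data.

```python
import struct
from collections import Counter

PCAP_MAGICS = (0xA1B2C3D4, 0xA1B23C4D)  # classic pcap magics; the second means nanosecond timestamps

def read_pcap(blob):
    """Parse a classic libpcap file into (linktype, snaplen, [(caplen, origlen, frame), ...])."""
    endian = "<" if struct.unpack("<I", blob[:4])[0] in PCAP_MAGICS else ">"
    magic, _, _, _, _, snaplen, linktype = struct.unpack(endian + "IHHiIII", blob[:24])
    if magic not in PCAP_MAGICS:
        raise ValueError("not a classic pcap file (pcapng, as written by pktmon, is not handled)")
    packets, off = [], 24
    while off + 16 <= len(blob):  # record header: ts_sec, ts_frac, caplen, origlen; then caplen bytes
        _sec, _frac, caplen, origlen = struct.unpack(endian + "IIII", blob[off:off + 16])
        frame = blob[off + 16:off + 16 + caplen]
        if len(frame) < caplen:
            raise ValueError("file ends inside a packet record at offset %d" % off)
        packets.append((caplen, origlen, frame))
        off += 16 + caplen
    return linktype, snaplen, packets

def ipv4_fields(frame):
    """(src, dst, proto, l4_payload) for an Ethernet/IPv4 frame, or None for anything else."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ip, ihl = frame[14:], (frame[14] & 0x0F) * 4
    if ihl < 20 or len(ip) < ihl:
        return None
    return ".".join(map(str, ip[12:16])), ".".join(map(str, ip[16:20])), ip[9], ip[ihl:]

def dns_question_names(udp):
    """QNAMEs from the question section of a DNS message on UDP port 53 (query or response)."""
    if len(udp) < 20 or 53 not in struct.unpack("!HH", udp[:4]):
        return []
    dns, names, off = udp[8:], [], 12
    for _ in range(struct.unpack("!H", dns[4:6])[0]):  # QDCOUNT
        labels = []
        while off < len(dns) and dns[off] != 0:
            n = dns[off]
            if n & 0xC0:  # compression pointer; not expected in a question name, so stop safely
                return names
            labels.append(dns[off + 1:off + 1 + n].decode("ascii", "replace"))
            off += 1 + n
        names.append(".".join(labels).lower())
        off += 1 + 4  # terminating zero label, then QTYPE and QCLASS
    return names

def analyze(blob, bad_ips, bad_domains):
    """Summarise a capture and match its IPv4 addresses and DNS names against blocklists."""
    linktype, snaplen, packets = read_pcap(blob)
    if linktype != 1:  # DLT_EN10MB: this example only decodes Ethernet frames
        raise ValueError("unsupported link type %d" % linktype)
    ips, domains = Counter(), Counter()
    for _caplen, _origlen, frame in packets:
        fields = ipv4_fields(frame)
        if fields is None:
            continue
        src, dst, proto, payload = fields
        ips.update([src, dst])
        if proto == 17:  # UDP
            domains.update(dns_question_names(payload))
    listed = lambda d: d in bad_domains or any(d.endswith("." + b) for b in bad_domains)
    return {
        "packets": len(packets),
        "snaplen": snaplen,
        "truncated": sum(1 for c, o, _ in packets if c < o),  # >0 means the snaplen cut payloads off
        "domains": sorted(domains),
        "ip_hits": sorted(ip for ip in ips if ip in bad_ips),
        "domain_hits": sorted(d for d in domains if listed(d)),
    }

def build_pcap(frames, snaplen=262144):
    """Constructed test data: write frames as a little-endian pcap, truncated to snaplen like tcpdump -s."""
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)]
    for i, f in enumerate(frames):
        out.append(struct.pack("<IIII", 1700000000 + i, 0, min(len(f), snaplen), len(f)) + f[:snaplen])
    return b"".join(out)

def ipv4_frame(src, dst, proto, payload):  # Ethernet + minimal IPv4 header (checksum left zero)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                     bytes(int(x) for x in src.split(".")), bytes(int(x) for x in dst.split(".")))
    return b"\xaa" * 6 + b"\xbb" * 6 + b"\x08\x00" + ip + payload

def dns_query(name):  # UDP header + a standard A query for name
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    dns = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0) + qname + b"\x00\x01\x00\x01"
    return struct.pack("!HHHH", 40000, 53, 8 + len(dns), 0) + dns

SYN = struct.pack("!HHIIBBHHH", 51000, 443, 1, 0, 5 << 4, 0x02, 65535, 0, 0)  # bare TCP SYN header
FRAMES = [  # made-up traffic from one host: two DNS lookups, one SYN to a listed IP, one bulk send
    ipv4_frame("192.0.2.10", "192.0.2.1", 17, dns_query("www.example.com")),
    ipv4_frame("192.0.2.10", "192.0.2.1", 17, dns_query("c2.evil.example")),
    ipv4_frame("192.0.2.10", "203.0.113.5", 6, SYN),
    ipv4_frame("192.0.2.10", "198.51.100.7", 6, SYN + b"X" * 1400),
]
SAMPLE_PCAP = build_pcap(FRAMES)             # whole packets, as tcpdump -s 0 would store them
SHORT_PCAP = build_pcap(FRAMES, snaplen=96)  # the same traffic captured with -s 96
BAD_IPS, BAD_DOMAINS = {"203.0.113.5"}, {"evil.example"}  # constructed blocklists
```

Calling analyze(SAMPLE_PCAP, BAD_IPS, BAD_DOMAINS) reports four packets, no truncation, a hit on 203.0.113.5 and a hit on c2.evil.example (matched as a subdomain of the listed evil.example); the same call on SHORT_PCAP reports one truncated packet, which is the signal that a real capture was taken without -s 0 or --pkt-size 0 and should be redone. To inspect a real file, pass open(path, "rb").read() instead of the constructed blob.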

Creating PCAP files on Windows

  1. Open an elevated Command Prompt or PowerShell window (right-click, Run as Administrator).
  2. Choose the capture interface:
    Use ipconfig /all to find which interface has the Default Gateway configured.
    Take note of this interface’s MAC address, and run pktmon list to find the ID of the desired capture device (the line that matches the MAC from the previous command).
  3. Run the following command to capture network traffic: pktmon start -c --comp <id> --pkt-size 0 -s 100 -f cap1.etl
    • <id>: Interface ID
    • --pkt-size 0: Log whole packets; by default pktmon keeps only the first 128 bytes of each packet, which is not enough for payload analysis
    • 100: Max capture file size in MB; pktmon's default log mode is circular, so once the file reaches this size the oldest packets are overwritten
    • cap1.etl: Output filename
  4. When you have captured enough data, stop the capture process with the pktmon stop command.
  5. Convert the capture to PcapNG: pktmon etl2pcap cap1.etl --out cap1.pcapng


Creating PCAP files on Linux

  1. Open a terminal.
  2. Choose the capture interface:
    Use ip route | grep default to find which interface has the Default Gateway configured. Take note of the interface's (dev) name.
  3. Run the following command to capture network traffic:
    sudo tcpdump -vni <interface-name> -s 0 -w <filename.pcap> -c 100000
    • <interface-name>: Interface name
    • <filename.pcap>: Output filename, ex: capture.pcap
    • 100000: Number of packets to capture. Note that -c counts packets, not bytes, so 100,000 packets is roughly 100 MB only if packets average about 1 KB; to cap the capture by size instead, replace -c 100000 with -C 100, which closes the file and starts a new one once it reaches roughly 100 MB
    • -s 0: Store whole packets rather than just the first bytes of each; -v prints a running packet count every 10 seconds while writing, and -n turns off name resolution
    Let tcpdump finish the capture process when it reaches 100,000 packets, or manually stop it by pressing Ctrl+C.


Creating PCAP files on Mac

  1. Launch terminal (Launchpad -> Terminal)
  2. Choose the capture interface:
    Use netstat -nr | grep default to find which interface has the Default Gateway configured. Take note of the interface's (device) name.
  3. Run the following command to capture network traffic:
    sudo tcpdump -vni <interface-name> -s 0 -w <filename.pcap> -c 100000
    • <interface-name>: Interface name, ex: en0
    • <filename.pcap>: Output filename, ex: capture.pcap
    • 100000: Number of packets to capture. Note that -c counts packets, not bytes, so 100,000 packets is roughly 100 MB only if packets average about 1 KB; to cap the capture by size instead, replace -c 100000 with -C 100, which closes the file and starts a new one once it reaches roughly 100 MB
    • -s 0: Store whole packets rather than just the first bytes of each; -v prints a running packet count every 10 seconds while writing, and -n turns off name resolution
    Let tcpdump finish the capture process when it reaches 100,000 packets, or manually stop it by pressing Ctrl+C.
