IT
OmnvertImage • Document • Network

PCAP Conversations

Upload a PCAP/PCAPNG and get top endpoints and pairs (IP:port, proto, packets, bytes). Optional display filter & DNS mapping.

We accept .pcap and .pcapng. Filters use Wireshark display syntax.

Top Pairs

ProtoSourceDestinationPacketsBytes

If analysis fails, ensure the capture isn’t corrupted. Very large PCAPs may be truncated by the server limit.

About

When you need a quick overview of a capture, endpoint and pair summaries are the fastest way to orient yourself. Upload a PCAP/PCAPNG and the tool returns top endpoints and top pairs with packets/bytes and protocol labels.

Use Wireshark display filters to narrow scope (for example only TCP, or only a target subnet). Group-by-IP mode collapses port-level noise for a simpler view; disable it to see IP:port endpoints when ports matter.

The output can be downloaded as JSON for reporting, automation, or further enrichment. It’s a practical starting point before you dive into packet payloads.

Search activity

pcap endpointspcap top talkerspcap conversationspcap endpoints jsonpcap pairs listwireshark endpointstshark endpointspcap endpoints with dns namespcap endpoints display filterpcap ip port listpcap conversations endpointspcap ip port endpointswireshark endpoints onlinetshark endpoints analysispcap endpoints wireshark display filter

FAQ

What are “pairs”?
Pairs represent directional conversations between a source and destination (IP and optional port), with totals for bytes and packets.
What does “group by IP only” do?
It collapses different ports under the same IP so you get a simpler endpoint list when ports are not important.
Can I include DNS names?
Yes. Enable DNS enrichment to attach resolved names for known IPs when possible.
Can I filter the capture?
Yes. Use a Wireshark display filter to analyze only matching packets.
Is my capture stored?
The file is processed to produce results and is not intended to be retained.

Related Tools