Our Products


NetworkMiner

NetworkMiner is a popular network forensics tool that can parse pcap files as well as perform live sniffing of network traffic on Ethernet and WiFi networks.

NetworkMiner collects data (such as forensic evidence) about hosts on the network rather than data regarding the traffic on the network. The main user interface view is host centric (information grouped per host) rather than packet centric (information shown as a list of packets/frames).

NetworkMiner has, since the first release in 2007, become a popular tool among incident response teams as well as law enforcement. NetworkMiner is today used by companies and organizations all over the world.


CapLoader

CapLoader is a Windows tool designed to handle large amounts of captured network traffic in the tcpdump/libpcap format (PCAP). CapLoader displays the contents of opened PCAP files as a list of TCP and UDP flows. Users can select the flows of interest and quickly filter out those packets from the loaded PCAP files. Sending the selected flows/packets to a packet analyzer tool like Wireshark or NetworkMiner is then just a mouse click away.

CapLoader is the ideal tool if you're working with large PCAP files or datasets consisting of many PCAP files. The contents of individual flows can be exported to tools like Wireshark and NetworkMiner in just a matter of seconds after having loaded one or multiple large PCAP files.


PolarProxy

PolarProxy is a transparent TLS and SSL inspection proxy created for incident responders and malware researchers. PolarProxy is primarily designed to intercept and decrypt TLS encrypted traffic from malware that is run in a controlled environment, such as a sandbox. PolarProxy decrypts and re-encrypts TLS traffic, while also saving the decrypted traffic in a PCAP file.


PacketCache

PacketCache is a free Windows service designed to continuously monitor the network interfaces of a computer and store the captured packets in memory (RAM).

The idea is to make full-content packets available for post-event incident response and network forensic analysis. PacketCache can be used either as a complement to solutions for centralized network packet capturing, or without any other network monitoring solution in place.


RawCap

RawCap is a tiny command line sniffer for Windows. You can sniff packets with RawCap without having special network drivers (like WinPcap) installed.

RawCap also has the unique ability to capture packets from localhost (127.0.0.1) on Windows.


TrimPCAP.py

TrimPCAP is a free open source tool that reduces the size of capture files in an intelligent way. With reduced storage needs comes longer retention periods. TrimPCAP has been shown to reduce most PCAP datasets by over 90 percent!

findject.py

Findject is a simple Python script that can find injected TCP packets in HTTP sessions, such as those used in QUANTUMINSERT Man-on-the-Side (MOTS) attacks.

SplitCap

SplitCap is a command line tool designed to split large PCAP files into smaller ones, where each IP address or even individual session will be placed in a separate PCAP file. SplitCap can also be used to perform fast filtering of pcap files based on TCP or UDP port numbers.

SPID

The Statistical Protocol IDentification (SPID) tool is a proof-of-concept (PoC) of how the SPID algorithm can be used in order to identify application layer protocols based on statistical measurements rather than port numbers. SPID PoC can even be used to identify obfuscated protocols as shown in the technical report "Breaking and Improving Protocol Obfuscation".