IT
OmnvertImage • Document • Network

PCAP Conversations

Upload a PCAP/PCAPNG and get top endpoints and pairs (IP:port, proto, packets, bytes). Optional display filter & DNS mapping.

We accept .pcap and .pcapng. Filters use Wireshark display syntax.

Top Pairs

ProtoSourceDestinationPacketsBytes

If analysis fails, ensure the capture isn’t corrupted. Very large PCAPs may be truncated by the server limit.

Server-sideProcessed server-side

This tool uses a server-side service for processing; uploaded files or requests are not kept for long-term storage.

About

When you need a quick overview of a capture, endpoint and pair summaries are the fastest way to orient yourself. Upload a PCAP/PCAPNG and the tool returns top endpoints and top pairs with packets/bytes and protocol labels.

Use Wireshark display filters to narrow scope (for example only TCP, or only a target subnet). Group-by-IP mode collapses port-level noise for a simpler view; disable it to see IP:port endpoints when ports matter.

The output can be downloaded as JSON for reporting, automation, or further enrichment. It’s a practical starting point before you dive into packet payloads.

How it works

  1. 1Open PCAP Conversations and choose your file or enter the required input.
  2. 2Check the settings and start the process.
  3. 3The tool creates the result with temporary server-side processing.
  4. 4Download the output or copy the result when it is ready.

FAQ

What are “pairs”?
Pairs represent directional conversations between a source and destination (IP and optional port), with totals for bytes and packets.
What does “group by IP only” do?
It collapses different ports under the same IP so you get a simpler endpoint list when ports are not important.
Can I include DNS names?
Yes. Enable DNS enrichment to attach resolved names for known IPs when possible.
Can I filter the capture?
Yes. Use a Wireshark display filter to analyze only matching packets.
Is my capture stored?
The file is processed to produce results and is not intended to be retained.