Analyzing PCAP files

Learn more about the IOTA solution at profitap.com/iota

Often, there are existing network intersections in the PCAPNG that colleagues or customers have recorded and which should be analyzed retrospectively. This quick guide describes the associated workflow with Profitap IOTA.

Workflow

After logging in to the IOTA web GUI, we navigate to the sub-item “Import a PCAP-NG” in the menu on the left margin under the item “IOTA Data Vault”.


Figure 1: Switch to the dialog for importing a PCAPNG file.

Next, we go to the Import menu, as shown in Figure 2.


Figure 2: IOTA Data Vault where PCAPNG files can be imported.

We click the Import button and choose the PCAPNG file in the subsequent file selection dialog. It is important to note that only PCAPNG and no classic PCAP files are supported, although files with the extension .pcap are also displayed in the selection. In the event of an incorrect selection, IOTA will inform you via an error message regarding an incorrect format.

When importing a new PCAPNG file, it will be analyzed in parallel to the capture analysis session, and won't impact the analysis performance.


Figure 3: Selection of the PCAPNG file to be analyzed.

After selection, an import progress indicator appears next to the import button. After successful import, the IOTA acknowledges this with a “Successfully imported pcap-ng file”.


Figure 4: Import progress indicator and following success message.

Following the import, we switch to the Home Dashboard.


Figure 5: Switching to the Home Dashboard.

After the import, we switch to the Home Dashboard. Since the PCAPNG file was recorded at an earlier time, we still need to select the time period to be analyzed based on an absolute or relative time window. We can also find the exact time in the Data Vault, by locating the imported file and checking the “Start time” field.


Figure 6: Selection of the absolute or relative time window to be evaluated from the imported PCAPNG.

After that, we can start the analysis and use the dashboards as usual.


Figure 7: Display of the data from the previously imported PCAPNG file and the relative time window of 24 hours.

Learn more about the IOTA solution at profitap.com/iota

  • Last modified: February 29, 2024

© 2024 Profitap HQ B.V. and its licensors. All Rights Reserved — Profitap HQ B.V., High Tech Campus 84, 5656 AG Eindhoven, The Netherlands | Privacy Policy | Terms and Conditions