PCAP Analyzer is a new feature introduced by VirusTotal which allows you to fully scan and analyze PCAP files.
A PCAP file contains captured network traffic and can be used to gather information on many kinds of network activity. Captures can be used to find out about possible trojan downloads happening on the monitored network, to log exploits being attempted against various applications, and much more. Now with PCAP Analyzer, they can be easily scanned so you can find out what’s really happening on your network.
Part of the report that you’ll get from this free PCAP Analyzer can be seen in the image above. These are two analyses which tell you what the metadata of the scanned PCAP file is, and also which HTTP requests were recorded in the capture.
Notice the capture duration value mentioned in the metadata segment. VirusTotal reads the files in great detail, so it can present you with the actual links to sites and IP addresses that were accessed.
Key features of PCAP Analyzer are:
- Web based – it’s basically just an added functionality of VirusTotal
- Metadata extraction – number of packets, start and stop log time, etc.
- HTTP requests – analyzes HTTP network connections which are made
- DNS requests – presents you with a list of DNS requests that are created
- Exploitation and malware transfer detection – trojan downloads
For those who didn’t quite get what PCAP Analyzer does, here’s a bit more explanation. Let’s say that you would like to monitor all the traffic of a certain network. You can use network tools, regardless of the operating system, to save all the network communication to files: all the requests and transfers, not the actual files, just their destinations and sources. This info can be saved in a PCAP file, which can then be used for network performance analysis or, in the case of VirusTotal PCAP Analyzer, for malware activity analysis.
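To make concrete what an analyzer pulls out of a capture, here is an added Python example (not VirusTotal’s code) that builds a small constructed PCAP containing one DNS query and one HTTP request, then parses it to recover the same kinds of facts the report lists: packet count, capture start time and duration, DNS names queried and HTTP request lines. The function names, addresses and timestamps are assumptions made up for the example.

```python
import struct

def eth_ip(proto, payload, src="10.0.0.5", dst="93.184.216.34"):
    # Dummy Ethernet header + IPv4 header without options; checksum left 0 (constructed sample)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return b"\x00" * 12 + b"\x08\x00" + ip + payload
def dns_query(name):
    # UDP header + DNS query header + QNAME labels + QTYPE A / QCLASS IN
    labels = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    dns = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0) + labels + struct.pack("!HH", 1, 1)
    return struct.pack("!HHHH", 53123, 53, 8 + len(dns), 0) + dns
def http_get(path, host):
    # TCP header (data offset 5, PSH+ACK) followed by an HTTP request line
    body = f"GET {path} HTTP/1.1\r\nHost: {host}\r\n\r\n".encode()
    return struct.pack("!HHIIBBHHH", 40000, 80, 1, 1, 5 << 4, 0x18, 65535, 0, 0) + body

def pcap(records):
    # Classic libpcap file: global header (little-endian, v2.4, linktype 1 = Ethernet) + packet records
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, frame in records:
        out += struct.pack("<IIII", int(ts), round((ts % 1) * 1e6), len(frame), len(frame)) + frame
    return out

SAMPLE = pcap([(1700000000.0, eth_ip(17, dns_query("example.com"))),
               (1700000001.5, eth_ip(6, http_get("/index.html", "example.com")))])

def analyze(data):
    # Walk the capture once, collecting metadata, queried DNS names and HTTP request lines
    e = "<" if struct.unpack("<I", data[:4])[0] == 0xA1B2C3D4 else ">"
    if struct.unpack(e + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled here")
    report, times, pos = {"packets": 0, "dns": [], "http": []}, [], 24
    while pos + 16 <= len(data):
        sec, usec, incl, _ = struct.unpack(e + "IIII", data[pos:pos + 16])
        frame, pos = data[pos + 16:pos + 16 + incl], pos + 16 + incl
        times.append(sec + usec / 1e6)
        report["packets"] += 1
        if frame[12:14] != b"\x08\x00":  # not IPv4, skip
            continue
        proto, dst = frame[23], ".".join(map(str, frame[30:34]))
        l4 = frame[14 + (frame[14] & 0x0F) * 4:]  # skip IPv4 header (IHL in 32-bit words)
        if proto == 17 and struct.unpack("!H", l4[2:4])[0] == 53:
            name, i = [], 20  # QNAME starts after 8-byte UDP + 12-byte DNS header
            while l4[i]:
                name.append(l4[i + 1:i + 1 + l4[i]].decode()); i += 1 + l4[i]
            report["dns"].append((dst, ".".join(name)))
        elif proto == 6 and (payload := l4[(l4[12] >> 4) * 4:])[:4] in (b"GET ", b"POST"):
            report["http"].append((dst, payload.split(b"\r\n")[0].decode()))
    report["start"], report["duration_s"] = (times[0], times[-1] - times[0]) if times else (None, 0.0)
    return report
```

Run `analyze(SAMPLE)` to get the packet count, start time, duration, DNS names and HTTP request lines for the constructed capture; point it at the bytes of a real capture file to see the same fields for your own traffic.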
Also check out network packet sniffers.
How to scan and analyze PCAP files with VirusTotal PCAP Analyzer
Nothing special needs to be done in order to scan these types of files. Do everything that you’d normally do when scanning a file on VirusTotal: open up the website (links available down below), upload the file and wait for the scan to finish.
Open up the File detail tab, which contains the PCAP file analysis report. This is from an example PCAP file, but something very similar will show up for your network traffic too. Remember that just because you have active connections, that doesn’t mean you’re infected with malware. It just means that you are online.
Make sure that you scroll through everything. Notice the plus sign next to each entry, which gives you more info, and the Show All button, which gives you more results down below.
Conclusion
PCAP Analyzer might not be for everyday computer users, but those who are a bit more tech oriented will find that it’s a very useful tool. Scans finish fairly quickly, depending on the service load, and you get to see a lot of info about your network activity. Give it a try and see how it goes. Free to use.