NetworkMiner is a popular network forensics tool that can parse pcap files as well as perform live sniffing of network traffic on Ethernet and WiFi networks.

NetworkMiner collects data (such as forensic evidence) about hosts on the network rather than data about the traffic on the network. The main user interface view is host centric (information grouped per host) rather than packet centric (information shown as a list of packets/frames).

NetworkMiner has, since the first release in 2007, become a popular tool among incident response teams as well as law enforcement. NetworkMiner is today used by companies and organizations all over the world.

CapLoader is a Windows tool designed to handle large amounts of captured network traffic in the tcpdump/libpcap format (PCAP). CapLoader displays the contents of opened PCAP files as a list of TCP and UDP flows. Users can select the flows of interest and quickly filter out those packets from the loaded PCAP files. Sending the selected flows/packets to a packet analyzer tool like Wireshark or NetworkMiner is then just a mouse click away.

CapLoader is the ideal tool to use when handling big data PCAP files in sizes up to many gigabytes (GB). The contents of individual flows can be exported to tools like Wireshark and NetworkMiner in just a matter of seconds after having loaded one or multiple large PCAP files.

RawCap is a tiny command line sniffer for Windows. You can sniff packets with RawCap without having special network drivers (like WinPcap) installed.

RawCap also has the unique ability to capture packets from localhost on Windows.


SplitCap is a command line tool designed to split large PCAP files into smaller ones, where each IP address or even individual session will be placed in a separate PCAP file. SplitCap can also be used to perform fast filtering of pcap files based on TCP or UDP port numbers.


The Statistical Protocol IDentification (SPID) tool is a proof-of-concept (PoC) of how the SPID algorithm can be used in order to identify application layer protocols based on statistical measurements rather than port numbers. SPID PoC can even be used to identify obfuscated protocols as shown in the technical report "Breaking and Improving Protocol Obfuscation".

PCAP T-shirt

T-shirt specs:

  • Color: Black
  • Print: RJ45 socket in silver, "PCAP or it didn't happen" in white
  • Fabric: 100% cotton