Packet Log
A professional packet log built for analyst navigation — filter, inspect, and classify without losing the raw frame.
- Filtering & protocol categorization
- Packet details & packet bytes
- Right-click context actions
- Follow-stream navigation
PacketSense turns PCAP files, live captures, and text-based packet evidence into structured findings, stream views, threat context, reports, and guided investigation — while keeping raw captures local by default.
Protocol distribution
SYN retries to 192.0.2.71:9099 · NXDOMAIN beacon lookup
Workstation contacted an unknown host and failed to complete the handshake.→ frames 221–224
Captures contain the truth, but that truth is often buried in raw rows, flags, ports, timings, streams, and protocol details. PacketSense keeps packet evidence inspectable while adding the structure analysts need to move faster.
Captures hold the truth, but it's buried in rows, flags, ports, timings, streams, and protocol details.
Packet tables are unforgiving. Newer analysts spend hours where the signal is minutes away.
Experienced engineers need deterministic, inspectable evidence — not a black box that says 'trust me'.
Plenty of captures simply cannot be uploaded to a cloud tool. The workflow has to run locally.
Traditional triage jumps between tools, scripts, notes, screenshots, and reports — losing traceability.
One workflow, five stages — import, normalize, prioritize, investigate, and package — so evidence moves forward without jumping between disconnected tools.
Bring in packets from wherever the evidence lives.
Every source becomes one inspectable packet model.
See what deserves attention first.
Move from a signal to a conclusion you can defend.
Turn evidence into something you can hand off.
Every capability keeps packet-level traceability — so findings stay defensible from first triage to final report.
A professional packet log built for analyst navigation — filter, inspect, and classify without losing the raw frame.
Reconstruct HTTP/TCP/UDP-style conversations where the capture supports it — and explain gracefully when a stream can't be rebuilt.
Reconstruct observed OSPF and BGP control-plane behavior from a capture — adjacencies, sessions, topology, prefixes and policy — all packet-backed.
Turn text-based evidence into analyzable capture data — FortiGate-style logs, hex dumps, and text packet data.
A local assistant that summarizes capture evidence, suggests next steps, and creates actionable drilldowns — always linked back to packets.
Surface what's worth a closer look — anomaly summaries, local rules, and threat-intelligence enrichment where configured.
Understand the security posture of a capture with TLS visibility, handshake context, and clear warning surfaces.
See who's talking to whom — top talkers, geolocation-style summaries where the data exists, and topology-style context.
Share investigation findings without losing packet-level traceability — reports plus CSV/PCAP slices.
Governance for teams that handle sensitive evidence — seats, admin-only controls, policy, and cloud-AI governance.
Senior analysts need deterministic, inspectable evidence — and juniors need a way in that doesn't start with a wall of raw rows. PacketSense gives you both.
Packet details · frame 218
▸ Frame 218: 583 bytes on wire (4664 bits)
▸ Internet Protocol Version 4, Src: 198.51.100.24, Dst: 192.0.2.44
▸ Transport Layer Security
Packet bytes
Sensitive captures should not need to leave the analyst's machine just to get useful answers. PacketSense is designed for local analysis first, with enterprise policy controlling optional cloud workflows.
PacketSense app
Where analysis happens
Captures & reports
Stored locally, by you
Your raw captures never leave this boundary. Analysis runs on your machine.
Confirms your license is active. No capture data is uploaded.
Keeps detections current, verified before use — your captures stay put.
Stays off unless an enterprise explicitly enables and approves it.
This capture shows a workstation resolving and briefly contacting an unknown host. Two signals are worth reviewing:
5 SYN attempts, no completed TCP handshake — a RST arrives from an unexpected source port. Consistent with a blocked or dead service.
→ frames 221, 222
A non-cached DNS query for a suspicious name returned NXDOMAIN. No follow-on connection was observed in this capture.
→ frames 223, 224
Suggested next steps
The Local Analyst Assistant summarizes capture behavior, identifies investigation patterns, suggests next steps, and links back to packet-level evidence so analysts can validate every conclusion.
Enterprise controls let organizations manage seats, enforce local-only workflows, control cloud AI providers, and distribute signed intelligence updates without turning raw captures into cloud telemetry.
Policy controls
Local-only mode
Block all remote export & cloud AI
Allow cloud AI providers
Enterprise-approved providers only
Detailed audit logging
Record analyst actions
Signed intelligence updates
Verify bundle signatures before apply
Seat & device inventory
soc-analyst-01 · macOS
Pro seat
ir-lead-02 · Windows
Pro seat
msp-field-07 · Linux
Individual seat
PacketSense is maturing across three horizons — a capable local-first investigation experience today, deeper enterprise workflows next, and broader deployment options later — while preserving the core promise that raw captures stay local.
Common questions from network and security teams evaluating PacketSense.
PacketSense is a local-first packet-investigation tool for network engineers, SOC analysts and incident responders. It turns PCAP files, live captures and text-based evidence into structured, defensible findings — while raw captures stay on the analyst's machine. It is a product of QuantamQ Solutions Pty Limited and is currently in active pilot for macOS, Windows and Linux.
PacketSense complements raw packet tools like Wireshark rather than replacing them. Wireshark is an excellent low-level dissector; PacketSense adds a guided investigation workflow, triage, and evidence-backed reporting on top of the same packets. Many teams use both — capture in Wireshark or a firewall, then investigate and report in PacketSense.
Yes. Raw captures are processed on your machine by default, and sessions and reports are local files you control. The only things that ever leave the machine are small, non-capture checks such as a licence check or a threat-intelligence update — never your packet data. Optional cloud AI stays off unless an organisation explicitly enables it.
PacketSense works with PCAP and PCAPNG files, live capture from network interfaces, and text-based evidence such as FortiGate-style sniffer logs and hex dumps. Every source is normalised into one inspectable packet model, so a finding from a firewall log is as traceable as one from a capture file.
Yes. PacketSense includes Routing Intelligence, which reconstructs observed OSPF and BGP control-plane behavior from a capture — adjacencies, sessions, an interactive topology, prefixes and policy findings — with each conclusion linked back to the packets. It shows what the capture proves, not an authoritative routing table.
PacketSense is built for network engineers troubleshooting traffic, SOC and MSSP teams triaging alerts, incident responders working under time pressure, and regulated or air-gapped organisations that cannot upload captures to a cloud tool.
PacketSense is in active pilot for macOS, Windows and Linux. There are four licence tiers — Trial, Individual, Pro and Enterprise — and pilot pricing is set per engagement during the beta program. You can request pilot access at packetsense.com/contact.
Request pilot access and evaluate the full local workflow — PCAP and text import, live capture, the Local Analyst Assistant, threat hunting, and reports.