What file formats can I upload?

We accept native .pcap and .pcapng packet-capture files only. Compressed archives (ZIP, RAR, 7-Zip, etc.) are not supported.

Is there an upload size limit?

Yes. Plan-based upload size limits apply.

How long do you retain my PCAP and the report?

Both the original file and its PDF report are stored for one hour and then permanently deleted.

What does the one-time payment include?

A single $9 payment covers one upload, full AI analysis, and a downloadable PDF report—no recurring fees.

Which plans let me upload multiple files?

Monthly and yearly subscription tiers include multiple uploads per cycle, as shown in the pricing table.

Do you provide an API for automated uploads?

Yes. Our REST API is available to Advanced subscribers. Generate an access key and integrate from CI, SIEM, or custom scripts.

In what format is the analysis delivered?

Results are provided as a professionally formatted PDF with network statistics, threat findings, and remediation advice.

What if I miss the 1-hour download window?

For security, both the capture and its report are erased after an hour. Re-upload the file to run a new analysis.

Do you collect any personal data from the files?

No. We cannot track user-identifiable information, and everything is auto-purged after processing.

What personal information is required for subscriptions?

Only the minimal billing details required by our payment processor (card, country, email) are collected.

How does your AI engine work?

Our engine blends deep-packet inspection with machine-learning to decode protocols, detect anomalies, extract credentials, and map threats to MITRE ATT&CK.

Can I upgrade or cancel my subscription at any time?

Yes. You can upgrade, downgrade, or cancel anytime from your dashboard; changes apply immediately or at the next billing cycle.

Do you store or display the passwords found in my PCAP?

No. Pcap AI operates on strict zero-trust principles. Any cleartext credentials or sensitive payloads detected during the analysis are immediately mathematically masked (e.g., [REDACTED]). Your PDF report will prove the exposure exists without ever printing the actual secrets, ensuring your compliance with SOC2 and GDPR.

How to Detect Cleartext Credentials and Unencrypted Traffic in PCAP

Q: How do you find HTTP Basic Auth in Wireshark?

You can use the display filter 'http.authbasic' to find packets containing basic authentication. However, the credentials will be Base64 encoded. Pcap AI automatically detects this unencrypted transmission and flags it as a high-severity MITRE T1040 risk.

Q: Why is cleartext traffic dangerous?

When traffic is 100% plaintext, anyone sniffing the network can read passwords, session cookies, and sensitive data. This allows attackers to easily capture credentials and perform lateral movement within your network.

The Challenge: Hunting for Hidden Secrets

Detecting security misconfigurations like HTTP Basic Authentication or unencrypted API traffic is like finding a needle in a haystack. Network engineers and SOC analysts often have to blindly filter packets, hoping to catch credentials before an attacker does.

Manual Decoding

Even if you use filters like http.authbasic, Wireshark only shows the Base64 encoded string. You still have to manually extract and decode the payload to verify the exposure.

Hidden Web Exploits

Spotting Cross-Site Scripting (XSS) probes requires manually inspecting URL-encoded GET requests across thousands of HTTP packets to find malicious brackets (><).

🕵️‍♂️

"We suspected an old legacy app was leaking passwords. Going through the PCAP, right-clicking 'Follow TCP Stream' on hundreds of connections just to find one unencrypted login took hours."

The Solution: Automated Security & Encryption Audits

Pcap AI eliminates manual payload inspection. By uploading your capture, the engine automatically calculates encryption ratios, extracts HTTP paths, and maps vulnerabilities directly to the MITRE ATT&CK framework.

✦ Encryption Status: Instantly detects if 100% of your traffic is plaintext, highlighting exactly how much data is dangerously exposed.
✦ MITRE T1040 (Network Sniffing): Automatically flags plaintext credentials in HTTP traffic and identifies the exact source and destination IPs involved.
✦ MITRE T1190 (Public-Facing App Exploit): Detects URL-encoded XSS probes and malicious payloads without requiring manual string searches.
✦ Clear Evidence: Generates a boardroom-ready PDF proving the exposure, complete with actionable mitigation steps like implementing HTTPS and CSP.

Wireshark Manual Analysis vs. Pcap AI

Manual (Wireshark)

Applying http.authbasic filters, following TCP streams, and manually decoding Base64 credentials. Process takes 30–60 minutes.

Pcap AI

Automated encryption ratio calculation, MITRE ATT&CK mapping, and XSS detection. Process takes less than 20 seconds.

Frequently Asked Questions

How do you find HTTP Basic Auth in Wireshark?

You can use the display filter http.authbasic to find packets containing basic authentication. However, the credentials will be Base64 encoded. Pcap AI automatically detects this unencrypted transmission and flags it as a high-severity MITRE T1040 risk.

Why is cleartext traffic dangerous?