What file formats can I upload?

We accept native .pcap and .pcapng packet-capture files only. Compressed archives (ZIP, RAR, 7-Zip, etc.) are not supported.

Is there an upload size limit?

Yes. Plan-based upload size limits apply.

How long do you retain my PCAP and the report?

Both the original file and its PDF report are stored for one hour and then permanently deleted.

What does the one-time payment include?

A single $9 payment covers one upload, full AI analysis, and a downloadable PDF report—no recurring fees.

Which plans let me upload multiple files?

Monthly and yearly subscription tiers include multiple uploads per cycle, as shown in the pricing table.

Do you provide an API for automated uploads?

Yes. Our REST API is available to Advanced subscribers. Generate an access key and integrate from CI, SIEM, or custom scripts.

In what format is the analysis delivered?

Results are provided as a professionally formatted PDF with network statistics, threat findings, and remediation advice.

What if I miss the 1-hour download window?

For security, both the capture and its report are erased after an hour. Re-upload the file to run a new analysis.

Do you collect any personal data from the files?

No. We cannot track user-identifiable information, and everything is auto-purged after processing.

What personal information is required for subscriptions?

Only the minimal billing details required by our payment processor (card, country, email) are collected.

How does your AI engine work?

Our engine blends deep-packet inspection with machine-learning to decode protocols, detect anomalies, extract credentials, and map threats to MITRE ATT&CK.

Can I upgrade or cancel my subscription at any time?

Yes. You can upgrade, downgrade, or cancel anytime from your dashboard; changes apply immediately or at the next billing cycle.

Do you store or display the passwords found in my PCAP?

No. Pcap AI operates on strict zero-trust principles. Any cleartext credentials or sensitive payloads detected during the analysis are immediately mathematically masked (e.g., [REDACTED]). Your PDF report will prove the exposure exists without ever printing the actual secrets, ensuring your compliance with SOC2 and GDPR.

How to Automate Compliance Audits and Detect Rogue Scanners in PCAP

Q: How do you detect sqlmap in a packet capture?

By analyzing HTTP User-Agent strings (e.g., sqlmap/1.10.2#stable) and identifying rapid, repetitive injection payloads (SQLi/XSS) originating from a single source IP. Pcap AI automates this signature and behavioral analysis.

The Challenge: Manual Compliance Validation

Preparing for a SOC2, PCI-DSS, or HIPAA audit often requires proving that your network controls are working. Manually digging through packet captures to verify encryption-in-transit or hunting for unauthorized rogue scanners on the network is a massive time sink for security teams.

Hidden Reconnaissance

Attackers and malicious insiders use tools like sqlmap to quietly map vulnerabilities. Finding these automated scans buried in gigabytes of normal HTTP traffic is difficult without dedicated IDS rules.

Regulatory Blind Spots

Proving that 100% of sensitive traffic is encrypted to satisfy PCI-DSS (Req 4.2) requires tedious protocol analysis. A single unencrypted session can result in an audit failure.

🕵️‍♂️

"We failed our initial compliance check because an internal developer was running unauthorized SQL injection scans against our staging environment. Finding the evidence in the PCAP retroactively took our team three days."

The Solution: Automated Regulatory Mapping

Pcap AI acts as an automated forensic auditor. It parses the packet capture, identifies active threats, and directly maps network behavior to specific regulatory framework violations.

✦ Rogue Scanner Detection: Automatically flags user-agents and behavior patterns associated with vulnerability scanners (e.g., sqlmap), mapping them to MITRE T1595.002.
✦ Framework Violation Mapping: Instantly correlates detected anomalies to specific compliance controls, such as SOC2 (Unauthorized Network Discovery) and PCI-DSS 4.0 (Req 6.4).
✦ Encryption Audits: Validates data protection requirements (HIPAA) by calculating the exact percentage of plaintext vs. encrypted traffic in the capture.
✦ Executive Dashboards: Generates a TLP:CLEAR forensic PDF with an executive risk score (e.g., 100/100) and actionable remediation steps for auditors.

Wireshark Manual Analysis vs. Pcap AI

Manual (Wireshark)

Filtering by HTTP user-agents, manually identifying exploit payloads, and cross-referencing findings with compliance frameworks. Process takes several hours.

Pcap AI

Automated scanner detection, protocol auditing, and direct mapping to SOC2/PCI/NIST controls. Process takes less than 20 seconds.

Frequently Asked Questions

How do you detect sqlmap in a packet capture?

By analyzing HTTP User-Agent strings (e.g., sqlmap/1.10.2#stable) and identifying rapid, repetitive injection payloads (SQLi/XSS) originating from a single source IP. Pcap AI automates this signature and behavioral analysis.

Can PCAP analysis help with SOC2 or PCI-DSS compliance?

Yes. PCAP analysis provides ground-truth evidence of network behavior. It can prove that encryption-in-transit is strictly enforced (PCI DSS Req 4) and verify that unauthorized network discovery and scanning are successfully blocked (SOC2 Security Criteria).

AI Analysis Output (Sample)

AI Analysis Proof for How to Automate Compliance Audits and Detect Rogue Scanners in PCAP

Download Full PDF Report See exactly what our AI discovers.