Threat Hunting Guide

How to Detect TCP Retransmission Storms in PCAP

Automate network performance analysis, pinpoint latency bottlenecks, and diagnose TCP storms without manually graphing Wireshark sequence numbers.

The Challenge: The "Sea of Red" in Wireshark

When users complain that "the application is slow," network engineers are left to prove whether it's a network drop, a congested switch, or a slow server. Opening a large packet capture only to see thousands of black and red lines (TCP Retransmissions and Duplicate ACKs) is overwhelming.

Root Cause Guesswork

Filters like tcp.analysis.retransmission only show that packets are dropping, not why. You still have to figure out if it's a duplex mismatch or a microburst.

Tedious Graphing

Proving a latency bottleneck requires manually plotting tcptrace I/O graphs, calculating Round Trip Times (RTT), and comparing sequence numbers by hand.


"Users blamed the network for database timeouts. Wireshark showed a 40% retransmission rate, but graphing the sequence numbers to prove it was a server-side window size issue took me half the day."

The Solution: Automated Performance Dashboards

Pcap AI eliminates manual TCP stream tracking. By uploading your capture, the ML engine instantly calculates global metrics and isolates the specific endpoints responsible for the congestion.

  • Retransmission Scoring: Instantly calculates global and per-endpoint packet loss rates (e.g., highlighting a critical 15% retransmission rate on a specific VLAN).
  • Network vs. Application Latency: Automatically differentiates between slow network links (High RTT) and slow server application responses (Zero Window / Window Full events).
  • Microburst Detection: Identifies sudden spikes in throughput that overwhelm switch buffers, causing massive temporary packet drops.
  • Clear Evidence: Generates a clean, boardroom-ready PDF proving exactly why the application is slow, ending the "finger-pointing" between DevOps and NetOps.

Wireshark Manual Analysis vs. Pcap AI

Manual (Wireshark)

Configuring tcp.analysis filters, exporting tcptrace graphs, and manually calculating RTT averages. Process takes 1–3 hours.

Pcap AI

Automated throughput, latency, and retransmission calculation per flow. Process takes less than 20 seconds.

*Based on a 1GB PCAP file with dense enterprise application traffic.

Frequently Asked Questions

How do you find TCP retransmissions in Wireshark?

Network engineers typically use the filter tcp.analysis.retransmission or tcp.analysis.fast_retransmission. However, a filter only isolates the flagged packets; it does not tell you what share of the traffic they represent or which endpoints are involved. Pcap AI automatically analyzes these packets to calculate exactly what percentage of traffic is failing and points directly to the offending IP pair.
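As an added example (not code from this page or from Pcap AI), here is the per-endpoint scoring step that the filter alone does not give you: a Python script that applies a simplified form of Wireshark's tcp.analysis.retransmission rule to constructed segment records and reports the retransmission rate per IP pair. The Segment record, the addresses and the 15% storm threshold are assumptions for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Segment:
    """One TCP segment as extracted from a capture (assumed record layout)."""
    src: str
    dst: str
    seq: int
    payload_len: int


def score_retransmissions(segments):
    """Per (src, dst) direction: (retransmitted data segments, data segments, rate).

    Simplified form of Wireshark's tcp.analysis.retransmission rule: a segment
    that carries data and whose sequence number is below the next expected
    sequence number for that direction has already been sent once. Sequence
    wrap, keep-alives and the out-of-order/spurious distinctions are ignored.
    """
    next_seq = {}
    retrans = defaultdict(int)
    data = defaultdict(int)
    for s in segments:
        if s.payload_len == 0:
            continue  # pure ACKs carry no data and are never retransmissions
        key = (s.src, s.dst)
        data[key] += 1
        if s.seq < next_seq.get(key, s.seq):
            retrans[key] += 1
        else:
            next_seq[key] = s.seq + s.payload_len
    return {k: (retrans[k], data[k], retrans[k] / data[k]) for k in data}


def find_storms(scores, threshold=0.15):
    """Endpoint pairs whose retransmission rate reaches the threshold, worst first."""
    hot = [(k, v[2]) for k, v in scores.items() if v[2] >= threshold]
    return [k for k, _ in sorted(hot, key=lambda kv: kv[1], reverse=True)]


# Constructed sample: 17 in-order 1460-byte segments from the client, three of
# them resent (sequence numbers already covered), plus ACKs and one data
# segment from the server.
MSS = 1460
CLIENT, SERVER = "10.0.0.5", "10.0.0.9"
SAMPLE = [Segment(CLIENT, SERVER, 1 + MSS * i, MSS) for i in range(17)]
SAMPLE += [Segment(CLIENT, SERVER, 1 + MSS * i, MSS) for i in (3, 4, 5)]
SAMPLE += [Segment(SERVER, CLIENT, 1000, 0) for _ in range(5)]
SAMPLE += [Segment(SERVER, CLIENT, 1000, 512)]

if __name__ == "__main__":
    scores = score_retransmissions(SAMPLE)
    for (src, dst), (r, n, rate) in scores.items():
        print(f"{src} -> {dst}: {r}/{n} retransmitted ({rate:.0%})")
    print("storm candidates:", find_storms(scores))
```

On the constructed sample the client-to-server direction scores 3 of 20 data segments, the 15% rate used as the highlighted case above.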

What causes a TCP retransmission storm?

A TCP storm occurs when packets are dropped in transit, forcing the sender to resend them repeatedly. Common causes include congested switch buffers, faulty Ethernet cables, duplex mismatches, or an overloaded firewall dropping connection state.


Have a suspicious PCAP file?

Stop wasting time with manual Wireshark filters. Let Pcap AI find threats, map MITRE tactics, and generate a report in seconds.