Browser capture analysis — upload a .pcap / .pcapng and see, locally, each flow's application protocol, peer, TLS fingerprint and security risks. The capture is parsed locally in your browser.

What it shows

• Application-protocol mix (TLS, DNS, QUIC, HTTP…), with each flow's peer, host, TLS version and fingerprint;
• Traffic security alerts (obsolete TLS, suspicious domains, cleartext, …), sorted by severity;
• Censorship-interference signs — per-packet detection of TCP RST injection and DNS poisoning;
• Optional: send the capture's public peer IPs to the server to check their cleanliness and origin (off by default, button-triggered).

FAQ

What formats and size are supported?

.pcap / .pcapng, up to 100MB per file; the file is loaded whole into memory, so start with a small/medium capture.

Is the capture file uploaded?

No — the capture is always parsed locally in your browser. When you click "Analyse destination IPs", the public peer IPs found in it are sent to the server to look up their cleanliness and origin.

Want to diagnose your own network exit?

This tool analyses the peers in your capture; to test whether your current exit looks like a VPN / proxy or leaks, use the full deep check.