Here is a list of best free PCAP file analyzer software for Windows. Using these PCAP analyzer, you can view PCAP i.e. Packet Capture file information like Packet Source/Destination Address, Packet Time, MAC Address, IP Address, Packet Size, Number Of Packets, etc. Besides this, some software also provide various sections to show packet protocol information in detail. Some of the important sections present in these freeware are Packet Viewer, Steams Viewer, DNS section, etc. Most of these software also allow you to view hex information contained in the data. These PCAP analyzers also provide Filters and Search tools to quickly find and analyze a specific information. Along with viewing and analyzing the PCAP data, you can also edit PCAP data in one of these analyzers.
My Favorite PCAP File Analyzer Software For Windows:
PCAP Analyzer is my favorite because it extracts most amount of information from a PCAP file. Plus, it also helps in identifying the malicious behavior present in a PCAP file.
You can also check out lists of best free Network Time Synchronizer, Audio Spectrum Analyzer, and Crash Dump Analyzer software for Windows.
PCAP Analyzer is a free PCAP file analyzer software for Windows. The main task of this software is to report back any malicious behavior found in a PCAP file. Besides this, you can also use this software to analyze the packet capture data stored in a PCAP file.
To analyze a PCAP file and to find malicious behavior, this software provides various sections which divide analysis data into various sections named as:
- Packet Viewer: In this section, in you can view packet source address, packet destination address, protocols used in sending and receiving the data packets, packet size, packet arrival time, total length, and more.
- Streams Viewer: It shows all stream types namely TCP, UDP, IRC, SMTP, SSL/TSL Streams, SMB Streams, NBSS Streams.
- Background Traffic: It helps you analyze all the captured background traffic data such as background packets, packets source/destination, protocol used by background traffic, UDP streams, and more.
- Malware Summary: From this section, you can view and analyze all occurrences of malicious behavior. This section also shows all source and destination address of packets which are identified as malicious, number of times malicious packet is sent or transferred, exact name of HTTP request that requested the malicious packet, etc.
- Blacklisted Address: It shows information of all packets which come or transferred from/to blacklisted addresses.
- Domain Name Flux: This section shows a graphical representation of Unigram, Bigram, and Trigram distribution containing Torping, HTTP request, and IP address as graph parameter.
Using these available sections, you easily view and analyze PCAP files.
Home Page Download Page
Wireshark is another free PCAP file analyzer software for Windows. This software is also a popular network protocol analyzer through which you can analyze what is happening on your network. Along with PCAP file, this software can also be used to analyze PacketLogger file, XML file, Novell LANanalyzer file, Endace ERF Capture file, and more.
To analyze a PCAP file, first, launch this software and load a PCAP file. After loading a PCAP file, you immediately get a table showing various fields namely Packet Source Address, Packet Destination Address, Protocol, Packet Length, Time, etc. By selecting one row of the table at a time, you can access more information such as Hex Code, Flags, Window Size Value, Check Sum Status, and more information to further analyze the data.
This software also provides a dedicated Analyze Field that allows you to analyze a specific or a set of CAP-formatted parameter by applying filters, enabling certain protocols, following a specific stream (TCP, UDP, HTTP, etc.), and more.
Statistics is also another important section of this software that shows statistics related to Endpoints, Packet Length, DNS, BACnet, UDP Multicast Streams, etc. Besides this, Input and Output graph and Flow Graph of packets are also provided in it.
Overall, it is another handy software to analyze PCAP files.
Home Page Download Page
NetworkMiner is a free open source PCAP file analyzer software for Windows. It is also used as a packet sniffer to detect open ports, operating systems, sessions, hostnames, etc. without putting any traffic on the network. In this software, you can load files of various formats including PCAP. It then extracts all important information that is required to analyze the PCAP file. After extracting the data, this software divides it onto various sections namely Parameters, DNS, Hosts, and Files.
- In the Parameters Section, you can view names of all the parameters (PREF, GET, Host, Client, Cookies, etc.), Parameters Source Host/Destination Host, Source/Destination Port, Timestamp Information, and Details (HTTP cookies, HTTP request, HTTP QueryString, etc.).
- In the DNS section, you can view Packet (Frames) Names, DNS TTL, Transaction ID, DNS Query, etc. information of every packet.
- Hosts Section shows host system information like IP Address, MAC Address, Number of Packet Sent, Number of Incoming/Outgoing Sessions, OS Name, and more.
- Files is another handy section that shows details of received and sent files such as File Size, File Source Host/Destination Host, Protocols, Timestamp, Reconstructed File Path, and Timestamp.
Along with these main sections, you can find more handy sections in this software using which you can extract every small detail of a PCAP file which is needed for the analysis.
Home Page Download Page
ParserCap is the next free PCAP analyzer software for Windows. Using this software, you can analyze information contained in both CAP and PCAP files. At a time, you can load and analyze one PCAP file in it. As soon as you load a PCAP file, it immediately shows a table containing PCAP files such as MAC Address, IP Address, Packet Size, Number Of Packets, TCP %, UDP %, DNS, etc. Besides this, it also provides two analyzing tools namely Identifiers and DNS Analiz.
- The Identifiers tool shows all identifiers contained in a particular row of the table such as Content-Type, Content Deposition, Content-Length, Content-Encoding, and more.
- The DNS Analiz tool shows you graphs of all different DNS Queries along with information including DNS Query Count, Duration, Query Starting, and Ending Count.
This software also contains some additional tools namely MAC Vendors, Converters, URL Decoder, and Unix Time.
Home Page Download Page
WireEdit is yet another free PCAP file analyzer software for Windows. As its name implies, this software is mainly used to edit network packet data, but its property to extract information from PCAP files also makes it a good PCAP file analyzer.
In this software, you can load, edit, and analyze both the PCAP and CAP files. As soon as you load a PCAP file, it shows a table containing all the standard information including Packet Time, Source Address, Destination Address, and Types. By selecting one of the tables at a time, you can also view the hex code of that row. Just below the table, it also shows detailed information of Ethernet II, IPv4, and TCP Protocols.
This software also has a tools menu using which you can extract further informationwhich include Port Mapping (Protocols, Transport, and Port), Packet Details (packet number, time between packets, etc.), and More Packet Details (PDU tree structure, layers name, layers column, etc.).
In general, it is a simple and straightforward PCAP file analyzer software that you can find for free. Home Page Download Page
Microsoft Network Monitor
Microsoft Network Monitor is one more free PCAP file analyzer software for Windows. Using this software, you can view the content of network packets that are being sent and received over a live network. Similar to showing the live packet information, it also shows packet information and other important information contained in a PCAP file. Apart from PCAP, it also supports CAP and ETL files.
This software extracts and shows the data contained in a PCAP file in the form of a table. In the table, you can view attributes like Frame (Packet) Number, Packet Time and Date, Time Offset, Packet Source, Packet Destination, Protocol Name, and Description. By selecting a row of a table at a time, you can view further information like captured fame length, hex details, next protocol, PayLoadLen, flags, total IP length, etc. To find the specific type of information, you can also apply various filters on the table.
Apart from viewing and analyzing the data, you can also edit data through this software. After editing, you can save the data in a CAP (.cap) file. Home Page Download Page