HTTP session reconstruction
Rebuild client-server exchanges with request/response pairing, headers, forms, and body content in an analyst-readable view.
Features
Everything you need to triage a capture — without the desktop install.
Core analysis capabilities match what analysts expect from online PCAP tools, with a roadmap focused on Wireshark parity and privacy controls.
Core analysis
Host and service map
Graph view of communicating hosts with TCP/UDP patterns, passive fingerprints, and protocol role hints.
File and payload extraction
Extract transferred files from HTTP flows with previews — useful for malware delivery and phishing triage.
Credential exposure scan
Detect plaintext and challenge-response artifacts: HTTP Basic/Digest, SIP, SMB, NTLMv1/v2, Kerberos, LDAP, Postgres, MSSQL, Telnet, FTP.
Wireless artifacts
SSIDs, probe requests, multicast patterns, and WPA handshake detection from 802.11 captures.
Event detection
Automated highlights for port scans, insecure auth, and other anomalies worth analyst attention.
Built to go beyond the basics
These differentiators are planned to make WiresharkOnline the better choice for serious analysts — not just another upload-and-forget tool.
Wireshark display filters
Use familiar display filter syntax in-browser — planned parity with Wireshark filter expressions.
Capture diff
Compare two captures side-by-side to spot new flows, changed endpoints, or regression during incident response.
Export annotated PCAPNG
Download captures with expert comments and bookmarks for handoff to desktop Wireshark.
Display calibration
Auto-detect device, screen diagonal, or credit card calibration for accurate timeline density on your screen.