How does NetworkTotal work?

When you upload a pcap file (a tcpdump capture file), it is processed by the Suricata IDS.

NetworkTotal currently uses only the Suricata IDS engine with the Emerging Threats PRO rules.
Integration with other engines is a work in progress. Contact me if you want to add your engine.

Why use NetworkTotal?

You can run Wireshark on your computer for a while, and upload the pcap to see if you are infected with some malware that your antivirus does not detect (or maybe you don't run an antivirus?).
Maybe you want to do a quick check of some network traffic and don't have access to an Intrusion Detection engine... Maybe you have a pcap from a sandbox and want to see if an IDS will trigger on the traffic...

How can I make a pcap file so I can upload it?

For Windows users, I recommend Wireshark. For Linux, BSD, Mac and similar systems, I recommend tcpdump, which is hopefully shipped with your system.

Does NetworkTotal have an API?

Not exactly, but you can look at my example bash script for uploading pcaps and for searching for events in the uploaded pcaps.

Can I add my/our Detection Engine or ruleset?

If you have a Detection Engine that runs on a Linux OS and produces reasonable output, it should not be a big problem to integrate - we do our best! If you have a ruleset for Snort or Suricata, integrating it should also be a trivial task.

Won't hackers/criminals/bad guys/(insert name here) misuse NetworkTotal in their favour?

They might! And they are free to do so... But I believe that you should have more layers of security than just one. That said, there are more Detection Engines and rulesets out there, and other ways of detecting unwanted behaviour in your network. And don't forget anti-virus, host-based Intrusion Detection and so on....

What happens to my pcap? Is it stored?

NetworkTotal stores the pcap only for the time it takes to process it (seconds). After that, the pcaps are deleted from the system, because I don't have the storage to keep them and I don't want to deal with privacy issues. That's also why I don't currently display more info about the pcaps: uploaded pcaps can reveal info about your network, e.g. malware encoding the machine name, username, network names/shares, internal or NATed IPs etc.
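The two points above, that tcpdump and Wireshark write the classic libpcap format and that an uploaded pcap can disclose internal addresses, host names and share names, can be checked locally before you upload anything. The following is an added example, not NetworkTotal's code or its upload script: a pure-standard-library Python pre-upload audit that reads a libpcap file, walks the Ethernet/IPv4 packets, lists the RFC 1918 and link-local addresses it sees, and pulls printable strings out of the payloads (like the `strings` tool) so you can eyeball names and paths. The sample capture is constructed inline with a small `build_pcap` helper (the packets, addresses and names in it are invented); it handles only little-endian classic pcap with Ethernet framing and skips non-IPv4 frames.

```python
"""Pre-upload audit for a pcap: what internal addresses and readable strings
would the file disclose?  Added example, not NetworkTotal's own code.
Handles the classic little-endian libpcap format (what `tcpdump -w` and
Wireshark save by default) carrying Ethernet/IPv4 frames; pcapng, big-endian
and nanosecond-timestamp files are rejected, other ethertypes are skipped."""
import ipaddress
import json
import re
import struct

PCAP_MAGIC_LE = 0xA1B2C3D4   # classic libpcap magic, microsecond timestamps
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800

# Address ranges that identify an internal network (RFC 1918 plus link-local).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16")]


def is_internal(ip):
    """True if the address belongs to one of INTERNAL_NETS."""
    return any(ip in net for net in INTERNAL_NETS)


def build_pcap(packets):
    """Serialise (src_ip, dst_ip, payload) tuples into libpcap bytes.
    Used here only to construct sample input; real captures come from tcpdump."""
    # Global header: magic, major, minor, thiszone, sigfigs, snaplen, linktype.
    out = struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, (src, dst, payload) in enumerate(packets):
        ip_len = 20 + len(payload)
        # Minimal IPv4 header (IHL 5, TTL 64, protocol TCP, checksum left at 0).
        ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, ip_len, i, 0, 64, 6, 0,
                             ipaddress.ip_address(src).packed,
                             ipaddress.ip_address(dst).packed)
        frame = b"\x00" * 12 + struct.pack("!H", ETHERTYPE_IPV4) + ip_hdr + payload
        # Per-packet record header: ts_sec, ts_usec, incl_len, orig_len.
        out += struct.pack("<IIII", 1700000000 + i, 0, len(frame), len(frame)) + frame
    return out


def iter_ipv4(pcap_bytes):
    """Yield (src, dst, payload) for every Ethernet/IPv4 packet in the capture."""
    magic, = struct.unpack_from("<I", pcap_bytes, 0)
    if magic != PCAP_MAGIC_LE:
        raise ValueError("not a little-endian classic pcap file")
    linktype, = struct.unpack_from("<I", pcap_bytes, 20)
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet (linktype 1) captures are handled here")
    off = 24
    while off + 16 <= len(pcap_bytes):
        _sec, _usec, incl_len, _orig_len = struct.unpack_from("<IIII", pcap_bytes, off)
        off += 16
        frame = pcap_bytes[off:off + incl_len]
        off += incl_len
        if len(frame) < 34 or struct.unpack_from("!H", frame, 12)[0] != ETHERTYPE_IPV4:
            continue  # ARP, IPv6, VLAN-tagged frames etc. are skipped in this example
        ihl = (frame[14] & 0x0F) * 4
        total_len = struct.unpack_from("!H", frame, 16)[0]
        src = ipaddress.ip_address(frame[26:30])
        dst = ipaddress.ip_address(frame[30:34])
        yield src, dst, frame[14 + ihl:14 + total_len]


def audit_pcap(pcap_bytes, min_len=6):
    """Return the internal IPs and printable ASCII runs (>= min_len) in the capture."""
    internal, strings = set(), set()
    for src, dst, payload in iter_ipv4(pcap_bytes):
        for ip in (src, dst):
            if is_internal(ip):
                internal.add(str(ip))
        for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, payload):
            strings.add(m.group().decode("ascii"))
    return {"internal_ips": sorted(internal), "strings": sorted(strings)}


# Constructed sample capture: a workstation talking out, an SMB-style path on
# the LAN, and a binary reply.  All addresses and names are invented.
SAMPLE_PCAP = build_pcap([
    ("192.168.1.10", "203.0.113.5",
     b"GET /update HTTP/1.1\r\nHost: 203.0.113.5\r\nUser-Agent: WORKSTATION-07/alice\r\n\r\n"),
    ("10.0.0.5", "10.0.0.1", b"\\\\FILESRV01\\share\\payroll.xlsx\x00"),
    ("203.0.113.5", "192.168.1.10", b"\x00\x01\x02\x03"),
])

if __name__ == "__main__":
    # On a real file: audit_pcap(open("capture.pcap", "rb").read())
    print(json.dumps(audit_pcap(SAMPLE_PCAP), indent=2))
```

On the sample the report lists 10.0.0.1, 10.0.0.5 and 192.168.1.10 as internal, and the strings show the host name, user name and file-share path that the capture would hand to whoever processes it. Run it against your own capture first; if the output contains names you would not post publicly, trim the capture (tcpdump or Wireshark can re-save a filtered subset) before uploading.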