Network Forensics

Network forensics, or your 'network time machine,' helps you pinpoint the source of intermittent performance issues and conduct investigations to identify the source of data leaks, HR violations, or security breaches. Get ready now – before a specific event actually happens – so digital evidence is collected and ready to help you find that needle in the haystack.

With WildPackets Network Forensics solutions, data is always available for reconstruction and easy analysis of intermittent issues, cyber attacks, and network security or data breaches. All pertinent network traffic is collected in a single location, rather than scattered across the network. Data is captured in a common data format and does not need to be transferred or translated in any way for analysis.

Using our network forensics data mining tools, network engineers have the data they need to identify and fix problems users are complaining about that only occur intermittently, and security teams can reconstruct the sequence of events that occur at the time of a network breach or cyber attack and get the complete picture.

The WildPackets Solution for Distributed Network Analysis

While other network forensics products force you to capture with one product, then transfer gigabytes or terabytes of data to another tool for analysis, WildPackets Network Forensics solutions enable you to analyze data at the point of capture, and eliminate the need for large data transfers that consume time and bandwidth. By utilizing Intelligent Data Transport™, WildPackets Network Forensics solutions minimize traffic loads on the network and let you find the data you're looking for, quickly and easily.


24x7 access to ALL network data and network forensics mining tools lets you:

  • Ensure network and security data are captured 24x7 and not sacrificed when SPAN ports are needed for other applications
  • Reduce Mean-Time-To-Resolution (MTTR) by eliminating the time-consuming step of reproducing problems before they can be analyzed, and by responding to issues in real time, often solving them before mission-critical applications are impacted
  • Understand service-level compliance within your organization
  • Comply with government regulations and Human Resources policies by auditing and tracking all network activity


If you're not already reaching for network forensics to address a pesky intermittent network issue, benchmark application performance for SLAs, or investigate a data breach, you should be. WildPackets Network Forensics solutions offer the following capabilities:

  • Comprehensive data collection: Hours or even days of network traffic — anything that crosses the network, whether email, IM, VoIP, FTP, HTML, or some other application or protocol — collected by a single system and stored in a common, searchable format. Terabytes of data available through a single interface.
  • Flexible data collection: Collect all data on a network segment for future inspection or focus on a specific user or server.
  • High-level analysis: Eliminate the need for brute-force analysis across disparate data sources with access to WildPackets' award-winning Expert Analysis, graphical reports, and application performance scoring.

When you're searching through gigabytes or terabytes of data, these unique WildPackets features make the difference between a quick, convenient search and a laborious, time-consuming search involving multiple tools and large data transfers:

  • Support for frame decodes during capture
  • Support for on-the-fly capture filters
  • Support for Selected Related packet filters
  • Support for name table entry and aliases
  • Support for multiple simultaneous capture windows
  • Ability to sort by number of problems, top talkers, most delays, etc.
  • Ability to organize flows by application type
  • Ability to organize flows by client/server pair
  • Ability to capture from multiple simultaneous NICs
  • Ability to capture from 802.11 wireless LANs
  • Ability to store packets in a MySQL database
  • Conversation Map at the point of capture
  • Built-in Experts for recognizing security attacks such as Gin, Jolt, Land, Oversize IP, and WinNuke

Use Cases

With WildPackets Network Forensics solutions in place, you can conduct various types of forensic investigations:

  • Network performance benchmarking for detailed reporting on network performance, bottlenecks, activities, etc.
  • Network troubleshooting for handling any type of network problem, especially those that happen intermittently.
  • Transactional analysis for providing the "ultimate audit trail" for any transactions where server logs and other server-based evidence don't provide a thorough picture of a transaction. Remember, packets don't lie!
  • Security attack analysis for enabling security officers and IT staff to characterize and mitigate an attack that slipped past network defenses, such as a zero-day attack.

Intermittent Issues

  • Capture and analyze intermittent network problems
  • Troubleshoot problems that occurred hours or days ago
  • Find the patterns that ad hoc, reactive troubleshooting will miss

Security Cyber Attack Analysis

  • Detect and characterize attacks—whether they’ve just begun or occurred days ago
  • Apply filters to isolate malicious behavior
  • Equip your network IT team with a powerful incident response tool

Transaction Analysis

  • Create the ultimate audit trail for business transactions—not just server activity but the business transactions enacted by clients and servers
  • Troubleshoot the transaction problems that server logs miss

For more details or to arrange a demo, please call (925) 937-3200 or write to

WildPackets is now Savvius