A framework for secure and scalable network traffic analysis. Convert packet streams into type-safe structured audit records for machine learning and security research.

Memory Safe Runtime

Implemented in Go with garbage collection. Safely parse potentially malicious network data without buffer overflows or memory corruption vulnerabilities.

66+ Audit Record Types

Decode TCP, UDP, HTTP, TLS, DNS, DHCP, and 50+ more protocols. Capture flows, connections, files, and credentials as structured data.

ML-Ready Output

Export to Protocol Buffers, CSV, or JSON. Feed directly into Python, TensorFlow, or any data science pipeline for anomaly detection and threat classification.

High-Performance

Concurrent multi-core processing for gigabit-speed capture. Distributed collection with sensors and collectors for enterprise-scale deployments.

What is Netcap?

Netcap (NETwork CAPture) is an open-source framework that efficiently converts network packet streams into platform-neutral, type-safe structured audit records. These records represent specific protocols or custom abstractions and are ideal for machine learning, security research, and forensic analysis.

The project won 2nd Place at Kaspersky Labs SecurIT Cup 2018 in Budapest and is actively maintained and developed.

The Problem

Traditional packet capture tools output raw packet data that requires significant post-processing. Security researchers and data scientists spend more time on data collection and transformation than on actual analysis.

The Solution

Netcap bridges this gap by providing structured, high-dimensional data about observed traffic. It allows researchers to focus on experimentation rather than data wrangling.

Key Benefits:

  • Memory Safe - Implemented in Go with garbage collection for safe parsing of potentially malicious network data
  • Protocol Buffers - Output encoded with Google’s Protocol Buffers for cross-language compatibility
  • Concurrent Design - Leverages multi-core architectures for high-performance packet processing
  • 66+ Audit Records - Comprehensive coverage of network protocols and custom abstractions
  • Cross-Platform - Supports Linux, macOS, and Windows with consistent output formats
  • Extensible - Multiple ways to add support for new protocols while maintaining memory safety
  • ML Ready - Output formats optimized for machine learning pipelines and data analysis tools

Framework Components

The framework consists of 9 integrated tools compiled into a single binary:

Tool        Purpose
capture     Capture audit records live or from PCAP files
dump        Display audit records in various formats
label       Create labeled CSV datasets for ML training
collect     Collection server for distributed deployments
agent       Sensor agent for distributed collection
proxy       HTTP reverse proxy for web service traffic
util        Validate records and convert timestamps
export      Export Prometheus metrics
transform   Maltego transformation plugin

Use Cases

  • Monitoring honeypots and detecting intrusions
  • Securing medical and industrial IoT devices
  • Research on anomaly-based detection mechanisms
  • Network forensics and incident response
  • Training machine learning models on network data

License

Netcap Core is licensed under the GNU General Public License v3, a copyleft open source license that allows others to do almost anything they want with the project, except to distribute closed source versions.

For detailed documentation, visit docs.netcap.io. A complete list of supported protocols is available in the protocol support documentation.

Open Source

Netcap Core

Free and open source network traffic analysis framework. Licensed under GPLv3.

66+

Protocol Decoding

Audit record types covering network protocols and custom abstractions

Supported Protocols

TCP, UDP, HTTP, TLS, DNS, DHCP, ARP, ICMP, SSH, FTP, SMTP, NTP, SNMP, SIP, USB...

Live Capture

Real-time packet capture with concurrent multi-core processing

Capture Modes

  • Network interface monitoring
  • PCAP file processing
  • Distributed collection
  • HTTP proxy capture

Protocol Buffers

Cross-language output format optimized for ML pipelines

Output Formats

  • Protocol Buffers (.ncap)
  • CSV export
  • JSON streaming
  • Prometheus metrics

9 Integrated Tools

capture
dump
label
collect
agent
proxy
util
export
transform

Use Cases for Netcap Core

Security Research

Train machine learning models on network data for anomaly detection and threat classification. The structured output is perfect for feeding into Python, TensorFlow, or scikit-learn pipelines.

Honeypot Monitoring

Deploy sensors across honeypots to capture attacker behavior. Distributed collection architecture scales to monitor entire networks of decoys.

IoT & Medical Devices

Monitor industrial control systems and medical devices. Memory-safe parsing ensures stability when processing traffic from embedded systems.

Forensic Analysis

Process PCAP files from incident response. Extract credentials, files, connections, and protocol-specific data for detailed post-mortem analysis.

Try Now

Live Demo

Experience NETCAP Pro in your browser with pre-loaded example data. No installation required.

Instant Access
Example Data
Full Features
try.netcap.io

Commercial

NETCAP Pro

Cross-platform desktop application for advanced network analysis. Available from Amsterdam Technologies.

Network Analysis Reimagined

A powerful desktop application that brings enterprise-grade network analysis to your fingertips. Built with the Netcap Core engine, enhanced with professional features.

Cross-Platform App

Native desktop application for macOS, Windows, and Linux with beautiful modern UI

Graph Analysis Engine

Maltego-style visual link analysis with interactive node-based graph exploration

AI-Powered Analysis

Intelligent threat detection, anomaly identification, and automated report generation

Tool Integrations

Seamless integration with Wireshark, Metasploit, hashcat, John, and BetterCrack

Timeline Analysis

Visual timeline of network activity for temporal pattern recognition and forensics

Investigation Notes

Add annotations to hosts, devices, and fields for collaborative investigations

35+ Analysis Modules

Alerts, Audit, Certificates, Connections, Credentials, Devices, Domains, DPI, Files, Fingerprints, Graph, Hosts, HTTP, Logs, PCAPs, Probes, Records, Rules, Services, Software, Vulnerabilities, BPF Filters, Decoders, Harvesters

Use Cases for NETCAP Pro

Penetration Testing

Integrate with Wireshark, Metasploit, hashcat, and John for complete offensive security workflows. Crack captured credentials and analyze attack surfaces in one interface.

Threat Hunting

Graph analysis engine provides Maltego-style link analysis. Visualize connections between hosts, identify lateral movement, and map attack infrastructure.

Incident Response

Timeline analysis shows network activity over time. AI-powered features detect anomalies and generate reports. Add investigation notes to document findings.

Security Operations

Cross-platform desktop app for macOS, Windows, and Linux. Beautiful modern UI designed for analysts who need to work efficiently across different environments.

Ready to upgrade your network analysis?

Try NETCAP Pro free for 14 days. No credit card required.

Pricing

Simple, Transparent Pricing

Choose the plan that fits your needs. All plans include access to the full NETCAP Pro application.

Core

Free forever

Open source CLI tool for developers and researchers

  • 66+ audit record types
  • Protocol Buffers & CSV export
  • Live capture & PCAP analysis
  • Prometheus metrics export
  • Maltego integration
  • Distributed collection
  • Desktop application
  • Graph analysis engine
  • AI-powered features

Enterprise

Custom pricing

For teams and organizations with advanced needs

  • Everything in Pro
  • Unlimited team seats
  • Priority support (SLA)
  • Custom integrations
  • On-site training
  • Dedicated account manager
  • Custom feature development
  • Security audit assistance
  • Volume licensing

Feature Comparison

Feature               Core        Pro     Enterprise
Audit Record Types    66+         66+     66+
Live Capture
PCAP Analysis
Desktop Application
Graph Analysis
AI Features
Timeline Analysis
Tool Integrations     Maltego     All     All + Custom
Support               Community   Email   Priority SLA
Team Seats            N/A         1       Unlimited

Frequently Asked Questions

Can I try before I buy?

Yes! NETCAP Pro includes a 14-day free trial with full access to all features. No credit card required.

What payment methods do you accept?

We accept all major credit cards, PayPal, and wire transfer for enterprise customers.

Can I cancel anytime?

Yes, you can cancel your subscription at any time. You'll continue to have access until the end of your billing period.

Do you offer educational discounts?

Yes! We offer 50% off for students and educators. Contact us with your .edu email for verification.

Open Source

Licensing

Netcap Core is dual-licensed to support both open source and commercial use.

GPL-3.0 License

For open source projects and personal use

  • Free to use, modify, and distribute
  • Must keep source code open
  • Derivative works must use GPL-3.0
  • No warranty provided

Commercial License

For closed-source and proprietary products

  • Use in proprietary software
  • No copyleft requirements
  • Priority support available
  • Custom terms negotiable

Contributor License Agreements

Contributors to Netcap must sign a CLA to enable dual licensing. This allows us to offer both open source and commercial licenses while protecting contributors' rights.

Note: The Go standard library components used in Netcap are subject to the BSD-style license of The Go Authors. See the LICENSE file for complete details.

Download

Get Netcap Core

Open source network traffic analysis framework. Free under GPLv3.

Source Code

Clone or fork the repository to build from source.

Precompiled Binaries

Download ready-to-run binaries for macOS, Windows, and Linux.

Docker Images

Run Netcap in a container with all dependencies included.

Quick Start with Docker

Terminal
docker run -it dreadl0ck/netcap:alpine-v0.5 ash

Or pull the image: docker pull dreadl0ck/netcap:alpine-v0.5

Documentation

Comprehensive guides, API reference, and tutorials.

Get in Touch

Questions about Netcap Core, Pro, or Enterprise? We'd love to hear from you.