Custom Packet Analysis

ProofREADER is a packet analyzer with strict syntax checks and programmable filter/analytics logic. With ProofREADER one can easily create a Python script for any packet filtering algorithm. All packets in a capture file can be analyzed before the first filtering decision is made. Python code stubs for accessing individual packet field values are generated automatically by a GUI Wizard.

What is ProofREADER good for?

  • New protocol analysis and verification
  • Detecting malformed packets
  • Custom Pcap filtering
  • Pcap security analysis with Python

Key Features

Custom Analytics & Filters

Easy access from Python to any packet field of any packet for custom analytics. Custom Python packet filters of any complexity are supported.

Strict Syntax Control

Our dissectors are built in strict compliance with the official specs. A non-standard packet is marked with a warning describing the issue.

Custom Dissectors

If you are doing R&D and the packet analyzer tools you have do not yet support the application dissector you need, we will develop one for you in a matter of weeks.

Frequently Asked Questions

Why would I want ProofREADER if I have Wireshark™?

Wireshark™ is a superb tool for catching complex TCP/IP connectivity problems. But nothing is perfect. You may consider ProofREADER when Wireshark™ doesn't include an application dissector you need, or when you find the packet analysis capabilities of Wireshark™ insufficient.

ProofREADER dissectors automatically add a descriptive warning to the packet decode tree when a discrepancy in the packet structure is detected. This capability can come in handy when developing a new protocol stack from specs. ProofREADER programmable filters support easy access to all fields at all layers of a packet. Two-pass filters allow working through all packets in the file before making a filtering decision. This can be used for auto-aggregating packets into transactions, for example. There is no need to remember long dot-separated field names: they are auto-generated by a GUI Wizard.
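
The two-pass idea described above, as an added example that is not ProofREADER code and does not use its API (which this page does not show): plain Python over constructed packet records, where the dictionary keys and function names are assumptions. Pass one groups DNS queries and responses into transactions; pass two keeps only packets whose transaction was never answered, a decision that cannot be made when a query is first seen.

```python
from collections import defaultdict

# Constructed sample records standing in for decoded packets (not real capture data).
# Field names ("no", "src", "dst", "dns_id", "is_response") are assumptions.
PACKETS = [
    {"no": 1, "src": "10.0.0.5", "dst": "10.0.0.1", "dns_id": 0x1A2B, "is_response": False},
    {"no": 2, "src": "10.0.0.1", "dst": "10.0.0.5", "dns_id": 0x1A2B, "is_response": True},
    {"no": 3, "src": "10.0.0.5", "dst": "10.0.0.1", "dns_id": 0x3C4D, "is_response": False},
    # Same DNS ID as packet 1 but a different client: must be a separate transaction.
    {"no": 4, "src": "10.0.0.7", "dst": "10.0.0.1", "dns_id": 0x1A2B, "is_response": False},
    # Retransmission of packet 3: belongs to the same unanswered transaction.
    {"no": 5, "src": "10.0.0.5", "dst": "10.0.0.1", "dns_id": 0x3C4D, "is_response": False},
    {"no": 6, "src": "10.0.0.1", "dst": "10.0.0.7", "dns_id": 0x1A2B, "is_response": True},
]


def transaction_key(pkt):
    """Key shared by a query and its response: (client, server, DNS ID)."""
    if pkt["is_response"]:
        return (pkt["dst"], pkt["src"], pkt["dns_id"])
    return (pkt["src"], pkt["dst"], pkt["dns_id"])


def first_pass(packets):
    """Pass 1: read every packet and aggregate into transactions; decide nothing yet."""
    transactions = defaultdict(lambda: {"queries": [], "responses": []})
    for pkt in packets:
        side = "responses" if pkt["is_response"] else "queries"
        transactions[transaction_key(pkt)][side].append(pkt["no"])
    return transactions


def second_pass(packets, transactions):
    """Pass 2: keep only packets whose transaction never received a response."""
    return [p["no"] for p in packets
            if not transactions[transaction_key(p)]["responses"]]


def unanswered_queries(packets):
    """Run both passes and return the packet numbers that survive the filter."""
    return second_pass(packets, first_pass(packets))


if __name__ == "__main__":
    print(unanswered_queries(PACKETS))
```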

What is ProofREADER "Custom Analytics" capability?

Think about correlating DNS or ICMP packets generated by ransomware, which may be used for data exfiltration so you have to look inside them; HTTP traffic carrying obfuscated JavaScript; and so on. A packet analyzer without a programmable filter engine is not the best tool for the job.

ProofREADER makes analyzing packets with Python easy.