Skip navigation
All Places > Products > RSA NetWitness Platform > RSA NetWitness Platform Online Documentation > Documents
Log in to create and rate content, and to follow, bookmark, and share content with other members.

Decoder: Upload a Packet Capture File

Document created by RSA Information Design and Development Employee on Sep 13, 2017Last modified by RSA Information Design and Development Employee on Nov 24, 2020
Version 25Show Document
  • View in full screen mode

There are occasions when you want to analyze a packet capture file that is not available on the service you are using. You can upload a file captured on another service to NetWitness Platform. Supported packet capture file types are pcap and pcap.gz.

When a packet capture file is uploaded to a Decoder, the Decoder creates sessions from the packet capture file packets. These sessions are added to the already decoded sessions on the Decoder and are available for analysis. NetWitness Platform includes a filename tracking option that makes searching for a particular set of sessions easier. When the packet capture file is uploaded with file tracking, the Decoder adds meta to the sessions based on the uploaded filename. You can then filter sessions for analysis using that meta.

The option to upload a packet capture file is dimmed when other Decoder operations prevent an upload from occurring; for example, when the Decoder is capturing packets. 

To select and upload a packet capture file:

  1. Go to (Admin) > Services.

    The Administration Services view is displayed.

  2. Select the Decoder name, and  > View > System.

    The Services System view for the Decoder is displayed.

  3. In the toolbar, click Upload Packet Capture File.

    The Upload Packet Capture File dialog is displayed.

    This is an example of the Upload Packet Capture File dialog.

  4. To choose a capture file, click Select.

    A directory view is displayed.

  5. Browse the directory and select the packet capture file that you want to upload.

    The filename is displayed in the Upload File(pcap,pcap.gz) field.

  6. If you want the Decoder to add meta to the sessions based on the filename, click the checkbox next to Track Filename.
  7. To upload the file, click Upload.

    A progress bar shows upload progress.

    Upload time varies depending on the size of the file. When the file upload is complete, a status message is displayed. The file is now available for investigation.

You are here
Table of Contents > Decoder and Log Decoder Additional Procedures > Upload a Packet Capture File