In the Packet Analysis panel (Event Analysis > Packet Analysis), you can safely view and interactively analyze the packets and payload of an event.
What do you want to do?
*You can perform this task in the current view.
- How NetWitness Investigate Works
- Event Analysis View
- Event Analysis View - Text Analysis Panel
- Event Analysis View - File Analysis Panel
Only network events can be analyzed in the Packet Analysis panel. The Packet Analysis panel lists each packet in the event. The list of packets is scrollable. When you scroll, the packet or text identification information as well as the Request and Response labels remain visible rather than scrolling out of view.
In Version 11.1 and later, you can use pagination controls to go backward and forward through the pages, go to a specific page, and select the number of packets to display per page (100, 300, or 500).
Each packet is displayed with shading and highlighting to help identify common file patterns: significant header and payload bytes, hexadecimal and ascii bytes, and common file signatures. In addition, you can adjust the request/response display, and display or hide the packet summary.
Below is an example of the Packet Analysis panel with labels to identify features. For details and examples of each feature, see Analyzing Raw Events and Metadata in the Event Analysis View.