Docs · Tools

Network Scanner

The Network Scanner watches live traffic on an interface and summarizes it — top talkers, protocols, and conversations — so you can see what is actually flowing across your network right now.

Category: Recon & Scan
Powered by: tshark
Edition: Free
Where: Desktop → Network Scanner tab

What it does

It performs a live packet capture on a chosen interface and turns raw frames into readable statistics: which hosts are busiest, which protocols dominate, and which conversations are happening. You can stop at any time and export the capture as a .pcap for Wireshark.

How to use it

Choose an interface

Pick the network interface to listen on (Wi-Fi, Ethernet, etc.) from the dropdown.

Set a duration or packet cap

Decide how long to capture, or how many packets — short captures are easier to read.

Capture

Click Capture. Live counts update as packets arrive.

Export

Save a .pcap if you want to dig deeper in Wireshark, or read the built-in summary.

Options

Interface — which adapter to sniff.
Duration / packet limit — bound the capture so it stays readable.
Pcap export — write the raw capture to disk for offline analysis.

What you get

A traffic summary (top talkers, protocol breakdown, conversations) plus an optional pcap file. It pairs naturally with the Fleet's NDR pillar, which turns connection telemetry into beaconing and C2 detections over time.

Tips

Capturing needs permission to put the interface in promiscuous mode (admin/root on most systems).
Keep captures short on busy links — a few seconds is often enough to spot the pattern.
No tshark yet? A demo summary lets you preview the workflow before installing Wireshark/tshark.

Authorized use only. Only capture traffic on networks you own or are permitted to monitor. Inputs are sanitized and subprocesses run without shell=True.

PreviousPort Scanner Next Network Mapper