PCAP Analyzer

Analyze a PCAP file online
without opening Wireshark

Upload a .pcap or .pcapng capture. SIPSymposium pulls out the SIP and RTP streams for you and returns severity-ranked findings on signaling, media quality, codecs, NAT, and encryption — in seconds, in plain English.

Free tier · no credit card · 10MB uploads · captures are never stored
How it works

From capture file to root cause

Three steps. Nothing to install, and no display filters to write.

01
Upload the capture
Drop in a .pcap or .pcapng from tcpdump, tshark, a Wireshark export, an sngrep save, or an SBC capture export. Up to 10MB free, 200MB on Pro, 500MB on Teams.
02
SIP and RTP get extracted
The capture is decoded and the relevant streams are located automatically — signaling, SDP, RTP, and RTCP. You do not need to know which ports or streams mattered.
03
Read the findings
Severity-ranked findings with evidence and recommendations, plus an interactive call-flow ladder diagram. Ask follow-up questions in plain English. Export to PDF for the ticket.
What it finds

The things a capture actually tells you

A PCAP holds the whole story — signaling and media together. The analyzer reads both layers and correlates them, which is where most VoIP faults are actually hiding.

SIP signaling
Response codes, failed registrations, dialog state, retransmissions, timer expiries, auth loops
RTP and RTCP quality
Packet loss, jitter, MOS estimation, one-way audio, dead-air gaps, stream timeouts mid-call
SDP and codec negotiation
Offer/answer mismatch, ptime drift, payload type conflicts, DTMF mode, SRTP crypto lines
NAT and topology
Private IPs in SDP, RTP arriving from an unexpected address, symmetric latching failures, SBC rewrites
Encryption and identity
TLS signaling, SRTP profile detection, STIR/SHAKEN attestation and verstat where present
Multi-capture correlation
Upload captures from both ends and compare what each side actually saw — the fastest way to end a finger-pointing exercise
How it compares

Wireshark shows packets. This explains them.

SIPSymposium is not a packet inspector and does not try to be one. It is the interpretation layer for a capture you already have — most engineers keep both.

Tool Primary job Output SIP expertise required
Wireshark Packet-level inspection Every packet, filters, raw call flow High
tshark Scriptable capture inspection CLI output you still have to interpret High
sngrep Live SIP terminal monitor Raw SIP dialogs, colour-coded High
Homer / sipcapture SIP archive and storage Searchable historic SIP data High
SIPSymposium AI analysis of an existing capture Severity-ranked findings with fixes Low
Your capture

What happens to the file you upload

A production capture is sensitive. Here is the straight answer before you upload one.

Not stored after processing
Uploaded PCAP files are processed in memory to generate the diagnostic report. They are not permanently stored on our servers afterwards. See the privacy policy for the full statement.
Your report stays yours
The generated analysis is saved to your account history so you can return to it, share it, or export it to PDF. You can delete it, or your whole account, at any time.
You own the legal side
You are responsible for having the right to capture and analyze the traffic you upload. Check your local wiretapping and data-protection obligations before capturing production calls.
FAQ

PCAP analysis questions

Formats, size limits, what happens to your file, and how this differs from a packet inspector.

How do I analyze a PCAP file online?
Upload the .pcap or .pcapng file and run the analysis. The SIP and RTP layers are extracted from the packets automatically, so you do not need to build display filters or know which streams matter. You get severity-ranked findings with evidence and recommendations, plus an interactive call-flow ladder diagram. No install and no Wireshark required.
What PCAP file formats are supported?
Standard .pcap and .pcapng captures, including files produced by tcpdump, tshark, Wireshark exports, sngrep saves, and most SBC and gateway capture exports. The SIP and RTP layers are located and decoded automatically.
How large a PCAP can I upload?
The free tier accepts uploads up to 10MB — enough for a single call or a short capture window. Pro accepts up to 200MB and Teams up to 500MB, for longer captures and busy trunks. See pricing for the full comparison.
Is my packet capture stored on your servers?
No. Uploaded PCAP files are processed in memory to generate the diagnostic report and are not permanently stored on our servers after processing. You remain responsible for ensuring you have the legal right to capture and analyze the network data you upload. The full statement is in the privacy policy.
Is this a replacement for Wireshark?
No, and it is not meant to be. Wireshark shows you every packet and expects you to know what to look for. SIPSymposium interprets the capture and tells you what went wrong and why. Most engineers keep Wireshark for deep packet forensics and use SIPSymposium to get to the cause quickly — or to hand a readable report to someone who does not read SIP.
What can it find in a VoIP packet capture?
SIP signaling faults (failed registrations, unexpected response codes, dialog problems), SDP and codec negotiation mismatches, RTP and RTCP quality issues (packet loss, jitter, MOS degradation, one-way audio), NAT and topology problems visible from the real addresses in the capture, and TLS or SRTP encryption issues.
I have a text SIP trace, not a capture file.
Paste it instead — log output from Asterisk, FreeSWITCH, Kamailio, OpenSIPS, or an SBC works the same way. See the SIP trace analyzer for that path.
Do I need an account?
A free account, but no credit card. The free tier includes 3 analyses per day with PCAP upload included.

Have a capture to analyze?

Upload the PCAP. Get findings, evidence, and recommendations in seconds — without building a single display filter.