DEV Community

Cover image for Discover The Network Packet Threat Analyzer API
Dakidarts profile image Etuge Anselm
Etuge Anselm for Dakidarts

Posted on

Discover The Network Packet Threat Analyzer API

#api #rapidapi #dakidarts #cybersecurity

Detect malicious or suspicious network traffic from PCAP or raw packet data.
Supports detection of:

  • Malicious / Suspicious traffic
  • Protocol anomalies
  • C2 beacon detection
  • Entropy-based payload analysis
  • Suspicious port usage

Useful for SOC automation, enterprise monitoring, and forensic investigations.

Network Packet Threat Analyzer API

Base URL 

https://network-packet-threat-analyzer-api.p.rapidapi.com
Enter fullscreen mode Exit fullscreen mode

Endpoints

πŸ” /analyze

Analyze PCAP or raw packet data.

Method

  • POST

πŸ› οΈ Request Parameters

POST

Supports three content types:

  1. Multipart Form-Data
  • pcap (file, required): PCAP file to analyze.
  1. JSON Body 
 { "pcap_b64": "<base64 encoded PCAP>" }
Enter fullscreen mode Exit fullscreen mode
  1. Raw Bytes
  • Content-Type: application/octet-stream
  • Body: raw PCAP file bytes

βœ… Response Format 

{ "status": "ok", "summary": { "packets_analyzed": 142, "unique_src_count": 3, "unique_dst_count": 5, "duration_seconds": 12.4, "threat_level": "medium" }, "detections": [ { "type": "suspicious_port", "port": 4444, "count": 8, "reason": "suspicious/listed port observed" }, { "type": "beacon_behavior", "beacons": [ { "endpoints": ["192.168.1.10", "203.0.113.45"], "samples": 12, "avg_interval_seconds": 10.2, "variance": 0.3 } ], "reason": "regular periodic connections detected" } ], "metrics": { "file_size_bytes": 25874, "packets": 142, "unique_src_ips": 3, "unique_dst_ips": 5, "duration_seconds": 12.4, "top_protocols": [["tcp", 85], ["udp", 57]], "top_ports": [[80, 50], [4444, 8]], "average_payload_entropy": 6.9, "analysis_time_seconds": 0.237 }, "threat_score": 55 }
Enter fullscreen mode Exit fullscreen mode

⚠️ Error Responses

Code Message Cause
400 {"error": "invalid base64 in pcap_b64"} Bad base64 input
400 {"error": "No pcap provided"} Missing input file/data
404 {"error": "No sample found on server"} sample=true but no sample configured
413 {"error": "Uploaded file is too large"} PCAP > 25MB
500 {"error": "internal server error"} Unexpected server failure

πŸ“‚ Example Requests

πŸ”Ή Analyze Packets

/analyze

Methods

  • POST β†’ Production use (upload live PCAP / raw traffic).
  • GET β†’ Testing only (loads local test_capture.pcap included with the API).

πŸ”Ή Request (POST)

1. Multipart Form Upload

curl -X POST \ -F "pcap=@/path/to/capture.pcap" \ -H "x-rapidapi-key: YOUR_RAPIDAPI_KEY" \ https://network-packet-threat-analyzer-api.p.rapidapi.com/analyze
Enter fullscreen mode Exit fullscreen mode

2. Raw Bytes Upload

curl -X POST \ --data-binary @capture.pcap \ -H "Content-Type: application/octet-stream" \ -H "x-rapidapi-key: YOUR_RAPIDAPI_KEY" \ https://network-packet-threat-analyzer-api.p.rapidapi.com/analyze
Enter fullscreen mode Exit fullscreen mode

3. JSON Base64 Upload

curl -X POST \ -H "Content-Type: application/json" \ -H "x-rapidapi-key: YOUR_RAPIDAPI_KEY" \ -d '{"pcap_b64": "<base64_string>"}' \ https://network-packet-threat-analyzer-api.p.rapidapi.com/analyze
Enter fullscreen mode Exit fullscreen mode

πŸ”Ή Request (GET β€” Testing Only)

Runs analysis against the built-in test_capture.pcap in the project folder.

curl -X GET \ -H "x-rapidapi-key: YOUR_RAPIDAPI_KEY" \ https://network-packet-threat-analyzer-api.p.rapidapi.com/analyze
Enter fullscreen mode Exit fullscreen mode

⚑ Key Features

  • Detects malicious or suspicious traffic
  • Identifies protocol anomalies
  • Flags C2 beacon patterns
  • Provides threat score (0–100)
  • Supports multipart upload, raw bytes, JSON base64
  • Built-in GET test mode for analysts

⚠️ Notes

  • GET is for testing only with test_capture.pcap.
  • For production SOC integration, always use POST.
  • Ensure PCAP file size is within RapidAPI limits.

Top comments (0)