KestrelSIGHT

Support

We're here to help you get the most out of Kestrel.

Contact Us

Have questions, feedback, or need assistance? We'd love to hear from you.

Email Support
General questions, bug reports, and feature requests
support@tracivex.com

Frequently Asked Questions

What file formats does Kestrel support?
Kestrel supports PCAP (.pcap) and PCAPNG (.pcapng) files. These are the standard formats exported from tools like Wireshark, tcpdump, and other packet capture utilities.
How do I open a PCAP file in Kestrel?
Tap "Open Capture File" on the start screen and navigate to your PCAP file. You can transfer files to your device via AirDrop, iCloud Drive, Files app, email attachments, or any cloud storage service.
Is my data secure?
Kestrel runs entirely offline with zero network connections. Your PCAP files are analyzed locally on your device and are never uploaded anywhere. We did not add any trackers, analytics services, or crash reporting tools to Kestrel. No software application can guarantee absolute security. See our Privacy Policy for details.
What are the file size limits in Kestrel Sight?
Kestrel Sight handles files based on size: Files up to 1GB get full features with automatic TCP stream reassembly. Files over 1GB have TCP reassembly disabled to preserve memory. Files over 2GB may experience raw search performance degradation. The Sensitive Data Scanner, File Carving, and Media Extraction features are available in Kestrel PRO.
Why is TCP stream reassembly disabled for my file?
TCP stream reassembly requires significant memory to reconstruct conversations from individual packets. For files over 1GB, this feature is automatically disabled to prevent memory issues and keep the app stable on mobile devices.
Why is analysis slow on large files?
Larger PCAP files require more processing time and memory. Analysis speed depends on your device capabilities. For best performance on very large captures, ensure your device has sufficient available memory. Files over 2GB may experience performance degradation.
Can Kestrel capture live network traffic?
No. Kestrel analyzes existing PCAP files only. Due to iOS and iPadOS security restrictions, live packet capture is not possible. You'll need to capture traffic on another device or using dedicated hardware, then transfer the PCAP file to Kestrel for analysis.
Why don't I see any files or media extracted?
File carving and media extraction only work on unencrypted traffic and are only available in Kestrel PRO. If your capture consists primarily of HTTPS/TLS encrypted connections, the payload data cannot be decoded and no files can be extracted. SSL/TLS certificate import for decrypting captured traffic is on our feature roadmap but not yet available.
How do I return to the start screen?
Tap the Kestrel logo in the top-left corner of the screen. This will close the current capture and return you to the start screen, freeing up memory.

Sight Version Features

Included in Kestrel Sight

  • Dashboard with traffic overview and statistics
  • Packet browser with filtering and detailed inspection
  • Raw data search in original, unprocessed format
  • Flow reconstruction with bidirectional statistics
  • Host profiling with traffic analysis
  • DNS query extraction and search
  • TCP stream reassembly (auto-runs for files under 1GB)
  • Chain of custody forensic tracking
  • Timeline visualization with filtering
  • Sensitive Data Scanner PRO
  • File Carving PRO
  • Media Extraction PRO

File Size Notes

  • Files up to 1GB: Full features with automatic TCP reassembly
  • Files over 1GB: TCP reassembly disabled
  • Files over 2GB: Raw search performance degradation

App Information

Version

1.0

Requires

iOS 18.0 or later

Compatibility

iPhone and iPad

Supported Formats

PCAP, PCAPNG

Ideal For

Security Professionals Network Admins Incident Responders Pen Testers