A concise quick start for the Network Dataflow Analyzer (NDA). Learn the core workflow: ingest, filter, inspect, annotate, and export.

Quick Start

Analyze your first capture in 5–10 minutes

NDA turns PCAPs into a living map of nodes and flows so you can narrow fast, inspect what matters, and export report-ready artifacts. Core analysis runs locally and works offline.

Getting started workflow

A simplified end-to-end workflow for your first investigation.

  1. Open NDA

    Launch the web build or the desktop app. If a control is missing, your edition/build may not include it.

  2. Load a capture

    Drag and drop a .pcap/.pcapng onto the canvas, or use Ingest > Open PCAP.

  3. Confirm ingest

    Top-bar counters update and the graph appears. Use Ctrl/Cmd+Shift+F to fit the full graph.

  4. Narrow fast

    Use quick toggles (Internet/Broadcast/OT-only/Insecure) and the search box to focus on the traffic you care about.

  5. Inspect & annotate

    Click nodes and edges to open the Inspector. Add notes, shapes, and icons to capture findings as you go.

  6. Export & save

    Open Export Hub (Ctrl/Cmd+Shift+E) for PNG/SVG/PDF/CSV. Save a .ndap project to resume later.

Quick tip: If the canvas looks empty after ingest, try Ctrl/Cmd+Shift+F, then Filters > Reset, and confirm the time window is set to the full capture.

What NDA is (and isn’t)

  • A fast visual analyzer for PCAP-based investigations.
  • A workflow tool: filtering, projects, annotations, exports, and diffs (edition/build dependent).

NDA isn’t a live IDS/IPS or a TLS decryption tool.

Data handling & privacy

  • NDA performs analysis locally and does not upload your PCAP by default.
  • Desktop builds store projects and exports locally.
  • Web builds use browser storage for persistence when available.
  • Optional experiences (for example feedback forms) may open external links; core investigation works offline.

Loading data (ingest)

Supported inputs commonly include:

  • .pcap / .pcapng
  • .ndap projects
  • .csv asset enrichment (license-dependent)

Tip: Use a Demo dataset (when available) to learn features without using production captures.

After ingest, counters update (Nodes/Edges/Packets/Bytes) and the graph renders on the canvas.
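
To cross-check the Packets and Bytes counters and the full capture time window independently of NDA, this added example (not NDA's own code) reads the record headers of a classic .pcap with the Python standard library. Assumptions: it handles classic pcap only, not .pcapng; this page does not say whether NDA's Bytes counter reflects captured or on-the-wire length, so both are returned; `summarize_pcap` and `SAMPLE` are names introduced here.

```python
import struct

# Classic pcap magic as stored on disk -> (struct byte order, sub-second units per second)
MAGICS = {
    b"\xd4\xc3\xb2\xa1": ("<", 1_000_000),      # little-endian, microseconds
    b"\xa1\xb2\xc3\xd4": (">", 1_000_000),      # big-endian, microseconds
    b"\x4d\x3c\xb2\xa1": ("<", 1_000_000_000),  # little-endian, nanoseconds
    b"\xa1\xb2\x3c\x4d": (">", 1_000_000_000),  # big-endian, nanoseconds
}

def summarize_pcap(data: bytes) -> dict:
    """Return packet count, byte totals and time span of a classic .pcap."""
    if len(data) < 24 or data[:4] not in MAGICS:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    order, frac = MAGICS[data[:4]]
    out = {"packets": 0, "captured_bytes": 0, "wire_bytes": 0,
           "first_ts": None, "last_ts": None, "truncated": False}
    pos = 24  # skip the 24-byte global header
    while pos + 16 <= len(data):
        sec, sub, incl, orig = struct.unpack(order + "IIII", data[pos:pos + 16])
        pos += 16
        if pos + incl > len(data):  # file ends in the middle of a packet
            out["truncated"] = True
            break
        pos += incl
        ts = sec + sub / frac
        out["packets"] += 1
        out["captured_bytes"] += incl  # bytes actually stored (after snaplen)
        out["wire_bytes"] += orig      # bytes seen on the wire
        # Records are not guaranteed to be in time order, so track min and max.
        out["first_ts"] = ts if out["first_ts"] is None else min(out["first_ts"], ts)
        out["last_ts"] = ts if out["last_ts"] is None else max(out["last_ts"], ts)
    out["truncated"] = out["truncated"] or pos < len(data)  # partial record header
    return out

def _record(sec, usec, payload, orig_len=None):
    """Build one pcap record (little-endian) for the constructed sample."""
    return struct.pack("<IIII", sec, usec, len(payload), orig_len or len(payload)) + payload

# Constructed sample: 3 packets, out of time order, the second snapped to 4 of 60 bytes.
SAMPLE = (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
          + _record(1700000000, 0, b"\x00" * 10)
          + _record(1700000005, 500000, b"\x00" * 4, orig_len=60)
          + _record(1700000002, 0, b"\x00" * 6))

if __name__ == "__main__":
    print(summarize_pcap(SAMPLE))
```

If the packet count or the first/last timestamps differ from what the top bar and time window show, reset filters and the time window before drawing conclusions from the graph.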

Core concepts

  • Nodes are endpoints; edges are communications (flows).
  • Filters narrow what you see; time window narrows when it happened.
  • Layouts arrange the graph; use pins/Lock Positions to preserve a manual arrangement.

Filter language

Paste these into the search box:

  • proto:modbus port:502
  • ip in 192.168.0.0/24 AND NOT flag:insecure
  • (type:plc OR type:hmi) AND vendor:siemens
  • bytes>50m AND duration>10
  • meta.Owner:"Network Ops" AND country:US

Tip: AND is implicit: a b c means a AND b AND c.

Quick filters

For fast narrowing, look for toggles like:

  • Hide Internet
  • Hide Broadcast
  • OT only
  • Highlight insecure

Exporting

  • Open Export Hub from the toolbar or Ctrl/Cmd+Shift+E.
  • Visual exports: PNG / SVG / PDF for report-ready diagrams.
  • Data exports: CSV (flows/inventory) and other formats (build-dependent).

Projects & sharing (.ndap)

  • Projects preserve your investigation workspace: filters, time window, layout, annotations, and more.
  • Save with Ctrl/Cmd+S (or use the toolbar).
  • Read-only .ndap exports are designed for safe sharing (license-dependent).

Compare captures (Graph Diff)

Compare two states of the graph to highlight added, removed, or changed nodes/flows.

  • Use Snapshots (A/B) for before/after comparisons; use Timeline for two time slices.
  • Set byte/percent thresholds to reduce noise.
  • Toggle diff with D (when not typing).

Graph Diff availability is edition/build dependent.

Annotations & icons

  • Right-click the canvas to add text, shapes, connectors, or images.
  • Use predefined icons (firewall, router, switch, server, workstation, OT/IoT) or upload your own.
  • Group items for cleaner diagrams and faster exports.

Handy shortcuts

  • Ctrl/Cmd+/ focus search
  • Ctrl/Cmd+Shift+F fit full graph
  • Ctrl/Cmd+Shift+E open Export Hub
  • Ctrl/Cmd+S save project
  • Ctrl/Cmd+P toggle docked panels

Troubleshooting basics

  • Blank canvas after ingest: fit graph, reset filters, and confirm the full time window.
  • Missing features: check Settings > License and confirm your edition/build.
  • Need help: start at Support or submit a bug.