Skip to content

Host Details

In ordinary capture tools, a piece of traffic gives you only an IP and a domain. In Trace Eagle, one click on the host opens its full dossier: who it belongs to, where it is, whether its certificate is healthy, and what technology it runs. Whether you have an IP or a domain, one click looks it up. It is useful for troubleshooting, security audits, and asset inventory.


Wherever a captured host / IP / SNI appears in the interface, click it to open the host dossier (the field is filled in automatically and the lookup starts):

  • The target IP and hostname in HTTP traffic details
  • The target IP and SNI in TCP / TLS traffic details
  • The “View host dossier” item in the right-click menu of the traffic list and the packet view
  • The live connections panel

Click, and the host’s full dossier opens.

Host dossier: ownership info (IP / ASN / route prefix), DNS records, TLS certificate checkup (grade A), and web tech stack all on one screen


  • The resolved IP and reverse DNS (PTR)
  • ASN: number + name + announced route prefixes (CIDR)
  • The owning organization, registry, and country
  • Network block (CIDR + allocation type)
  • Abuse-report contact
  • City / region / country (including ISO code)
  • The exact location marked on a world map, visible at a glance

Geolocation: city / region / country, with the host’s specific location marked on a world map

  • A / AAAA / MX records, showing type / value / TTL

TLS certificate checkup (whether it is secure)

Section titled “TLS certificate checkup (whether it is secure)”
  • A / B / C / F security grade (with a prominent color marker)
  • Whether the hostname matches, whether the certificate chain is trusted, and expiry status (expired or not / days remaining)
  • TLS version, certificate issuer and subject (organization)
  • With the TLS audit tool you can also see: the full certificate chain (subject / issuer / validity / days remaining / DNS names / whether it is a CA / key type / signature algorithm / whether self-signed), the list of supported protocols, the cipher suites and their strength (weak-suite / forward-secrecy markers), the suite actually negotiated in this handshake, and the Certificate Transparency (CT) logs, which list all hostnames a single certificate covers at once and give the total count, digging out even related subdomains that never appeared in the traffic
  • Page title, Server header
  • Detected server / framework / CMS / library (shown as tags)

  • Troubleshooting: see at a glance “who this traffic actually connects to, and which data center / carrier it goes through.”
  • Security audit: verify whether the certificate is trusted, whether it is about to expire, whether the cipher suites are strong enough, and whether there is downgrade risk.
  • Asset inventory / attribution: use the ASN, organization, and registration info to determine the peer’s ownership; then, following the CT logs, surface all hostnames a single certificate covers plus related subdomains at once, an attribution capability ordinary capture tools simply do not have.
  • Complaints and reports: get the abuse-report contact directly.

One piece of traffic vs. a full dossier: in ordinary capture tools, a piece of traffic stops at one IP and one domain; here, one click shows ownership, geolocation, certificate checkup, and tech stack all at once.


Back to Proxy Capture