Know where your data travels

See exactly which application on which device contacted every server on the Internet — and whether you should trust it.

An Internet X-ray for your devices and network. Data Travel reveals every destination, grades its security, identifies the application and user behind each connection, and maps it all on a world map.

Sign Up Free How It Works

Created by the inventor of hop starvation and packet lifetime security — learn how hop count changes everything

Real discoveries from Data Travel deployments

IoT DEVICE
Smart plug sending telemetry to Alibaba servers in China
AmazonPlug0600 → 121.199.69.55 • C- grade • No TLS
SCANNER DETECTED
External scanner probing our STUN server at 5 AM
modat.io (Canada) → port 42828 • B+ grade • Known scanner
PROCESS FORENSICS
Chrome browser connecting to Russian VK servers
chrome [BillA:4832] → vk.com • B grade • TLS 1.3 • Moscow
CERTIFICATE ALERT
Server using Kubernetes fake certificate in production
47.246.136.220 • B- grade • TLS 1.3 but fake cert • United States
🔍

See Who Talks to What

Every destination your devices connect to is captured with the application name, username, and process ID that made the connection. Know exactly what's happening.

🛡

Security Grading A+ to F

Every destination gets a composite security grade based on TLS posture, certificate health, identity transparency, geographic risk, and network distance.

📍

Geographic World Map

Interactive dark-themed map shows where your data goes with grade-colored markers. Filter by grade, time, country. Click any point for full details.

🔎

TLS & Certificate Inspection

Deep analysis of TLS versions, cipher strength, certificate chains, expiry dates, self-signed detection, and issuer verification on every destination.

🎯

Hop Count Analysis

Measures the number of routers between you and each destination, revealing how far away a server actually is and whether it resides inside or outside your trust boundary.

🖥

Passive OS Fingerprinting

Best-effort identification of remote server operating systems using TTL analysis and TCP window scale signatures — no cooperation needed from the remote end.

📡

Service Identification

60+ patterns automatically identify AWS, Google, Cloudflare, Meta, Apple, Microsoft, Stripe, and more from TLS certificates, rDNS, and ASN data.

🔄

Full Mesh Device Testing

Test latency and throughput between any two devices in your fleet (N² combinations). 10 devices = 90 test pairs. 100 devices = 9,900 pairs. All bidirectional.

🚨

Asymmetry & Path Analysis

Bidirectional tests reveal when performance differs by direction — catching duplex mismatches, interface errors, and asymmetric routing. Traceroute with GeoIP-enriched hops.

Understanding Hop Count: Why Distance Matters

Every packet on the Internet carries a TTL (Time To Live) value — a countdown that decrements at each router. By analyzing this value, Data Travel reveals something most security tools ignore: how far away is the server your device is talking to?

What Hop Count Reveals

• A destination 9 hops away is likely a major CDN (Cloudflare, AWS) — trusted infrastructure
• A destination 48 hops away in China with no rDNS and a self-signed certificate — that's suspicious
• A destination claiming to be Google but 30+ hops away — possible impersonation
• Combined with OS fingerprinting: TTL also reveals if the remote server runs Linux (TTL 64), Windows (TTL 128), or is a network device (TTL 255)

The Sphere of Trust

• Every network has a natural trust boundary defined by hop count
• Servers inside your data center: 1-3 hops — high trust
• Major cloud providers: 8-15 hops — normal trust
• Unknown servers 40+ hops in high-risk countries — low trust
• Data Travel scores every destination partly on this distance
Data Travel shows you the problem. You see that your data travels to servers 48 hops away in high-risk countries.
Then you take action. Block, alert, capture packets, and send to your SOC — all from one dashboard.

How Data Travel Works

Three components work together — each one adds capabilities the others can't provide.

NETWORK GATEWAY Inline appliance — sees ALL devices Collects: ✓ Every connection on the network ✓ All devices (phones, IoT, guests) ✓ Deep Packet Inspection (DPI) ✓ Source device name & MAC ✓ Bytes transferred per flow ✓ 10 Gbps, fanless, zero maintenance Cannot collect: ✗ Process name / application ✗ Username / who launched it ✗ TCP fingerprint (RTT, MSS, wscale) ✗ Off-network / roaming devices ✗ GPS location DEVICES MONITORED Phones Laptops IoT Guests DEVICE AGENT Software on each device — deep visibility Collects: ✓ Process name (chrome, Outlook, etc.) ✓ Username who spawned it ✓ Process ID for forensics ✓ TCP stats (RTT, MSS, wscale, CWND) ✓ Works anywhere (office, home, travel) ✓ Auto-updates every 60 seconds Cannot collect: ✗ Other devices on the network ✗ IoT / smart home / guest traffic ✗ Deep Packet Inspection ✗ Brief connections (closed between samples) PLATFORMS Windows Linux macOS Chrome DATA TRAVEL SERVER Heavy lifting — no load on agents or gateways ✓ TLS certificate & cipher analysis ✓ GeoIP (local MaxMind — zero API cost) ✓ OS fingerprinting from TTL + TCP ✓ Service ID (60+ patterns) ✓ Security grading A+ to F ✓ Hop count analysis ✓ Geographic risk scoring ✓ Dashboard & world map ✓ N² network testing ✓ Alerts & reporting Destination IPs + device info IPs + process + user + TCP BEST TOGETHER Gateway + Agent on same network: ✓ Gateway catches ALL connections ✓ Agent identifies WHO and WHAT app ✓ Server grades every destination ✓ Full forensic chain: chrome [BillA:4832] → 59.82.122.130 China • C- grade • self-signed cert at 2:34 PM from G16 (10.10.10.20) $79-99/month Free — $19/month Included with all plans

See What No One Else Can Show You

Data Travel gives you visibility that enterprise security tools costing tens of thousands of dollars cannot match — and it starts free for individuals.

DEVICE AGENT

Know Exactly Who Did What

Install a lightweight agent on any Windows, Mac, or Linux device. It runs silently in the background and captures every outbound connection with forensic-level detail.

Which application made the connection — Chrome, Outlook, OneDrive, Notion, or malware
Which user account spawned the process — catch unauthorized access or compromised accounts
Process ID for forensic correlation — tie network activity to specific executables
TCP fingerprint data — RTT, MSS, window scale, congestion window, retransmissions
Works off-network — monitors the device at home, at a coffee shop, on hotel WiFi, on VPN
Auto-updates — agent stays current without user intervention
Example Finding
Alert: C- Destination Detected
chrome [BillA:4832] connected to 59.82.122.130 (China, no rDNS, self-signed certificate)
at 2:34 PM on March 15 from device G16 (10.10.10.20)
NETWORK GATEWAY

See Every Device, No Software to Install

Deploy a gateway appliance inline on your network. It sees every connection from every device — phones, laptops, smart TVs, IoT, guest devices — without installing anything on them.

Every device on the network — iPhones, Androids, smart TVs, Alexa, security cameras, everything
Deep Packet Inspection — app-level traffic classification built into the hardware
Source device identification — which device IP and name accessed each destination
10 Gbps capable — SFP+ inline monitoring, fanless, zero packet loss
Zero maintenance — no OS to patch, no fans to replace, no software to install on devices
Catches everything — even brief connections that close before a device agent can sample them
Example Finding
IoT Device Phoning Home to China
AmazonPlug0600 (10.10.10.107) connected to 121.199.69.55 (Hangzhou Alibaba, China, C- grade)
Device has no agent installed — only visible through gateway monitoring

Best Together: Agent + Gateway

Use both for complete visibility — the gateway catches every connection on your network, the agent tells you which application and user made it.

Gateway Sees The Connection
iPhone (10.10.10.93) → 95.163.52.67 (mail.ru, Russia, C+ grade) at 3:47 PM
Agent Adds The Context
Process: Outlook [BillA:9284] — it was your email client, not a browser or malware
Server Provides The Intelligence
TLS 1.2, no rDNS, Russian hosting, 23 hops away, C+ grade — possible spam relay or phishing infrastructure

Every Destination Gets a Full Security Analysis

Regardless of which agent or gateway reports a destination, the Data Travel server runs the same deep analysis — all locally, no per-query API costs.

TLS Certificate Analysis
Protocol version (1.2 vs 1.3), cipher strength, certificate chain, expiry date, self-signed detection, issuer verification
Geographic Risk Scoring
Local MaxMind database — country, city, ISP, ASN. High-risk nations (Russia, China, North Korea, Iran) flagged and penalized in grading
Identity Transparency
60+ service patterns match TLS certificates and rDNS to known providers — AWS, Google, Cloudflare, Meta, Microsoft, Apple, and more
OS Fingerprinting
TTL-based remote OS identification — Linux, Windows, macOS, network devices. No cooperation needed from the remote server
Network Distance
Hop count deduction reveals how many routers stand between you and each destination — a fundamental concept from packet lifetime and sphere of trust security
Security Grade A+ to F
Composite score from TLS posture, certificate health, identity, geography, and distance. Every destination graded — from perfect A+ to critical F
Darktrace starts at $30,000/year. ExtraHop starts at $15,000. Cisco Stealthwatch starts at $10,000.
Data Travel starts free. Gateway from $79/month — $0 upfront.
Gateway appliance, 10G SFP+ optics, cabling, and professional installation all included in your monthly plan.
Start Free

Real Findings From Real Networks

These are actual discoveries made by Data Travel on production networks. Every destination gets the same rigorous analysis.

C+
Expired Certificate on AWS
ec2-32-192-210-127.compute-1.amazonaws.com

A laptop on the network was connecting to what appeared to be an Amazon Web Services endpoint. Data Travel's analysis revealed something concerning: the TLS certificate was expired, issued to localhost.localdomain (a default placeholder), and self-signed.

This isn't Amazon — it's someone running an EC2 instance with poor security hygiene who never configured a real certificate. Without Data Travel, this connection would look like normal cloud traffic.

TLS 1.2 Cert EXPIRED Self-Signed AES-128
C-
Unknown Device Phoning Home to China
Hangzhou Alibaba Advertising Co., Ltd.

Data Travel detected an IoT device sending data to an IP in Hangzhou, China with no reverse DNS, no TLS verification, and unknown identity. The destination was 22 hops away and running Linux.

The gateway identified the source as a smart home device — invisible to endpoint security tools but fully visible to Data Travel's network monitoring.

High-Risk Country No Reverse DNS Unknown Identity 22 Hops
F
Active Malware Host Detected
Cross-referenced against 5.7 million threat domains

Data Travel checks every destination against 5.7 million known threat domains from three independent sources: UT1 Toulouse University (70 categories), HaGeZi Threat Intelligence, and URLhaus active malware feeds.

When a device connects to a known malware command-and-control server, cryptojacking site, or phishing domain, the grade drops to F immediately — with the specific threat category identified.

Malware C2 Cryptojacking Phishing Stalkerware
A
Smart Blocklist Intelligence
GitHub — 4,464 blocklist entries, zero real threat

Traditional blocklist tools flagged 4,464 entries associated with GitHub's infrastructure — malware in repos, phishing on GitHub Pages, adult content on user sites. A simple blocklist tool would mark every GitHub connection as dangerous.

Data Travel's intelligence engine distinguishes platform-level noise from genuine threats. GitHub is a trusted platform that hosts third-party content — the blocklist entries reflect user abuse, not a compromised service. The finding is shown as informational context, not a grade penalty.

Trusted Platform Advisory Only TLS 1.3 Known Identity
Forensic Capability

On-Demand Packet Capture

When Data Travel detects a suspicious destination — a known malware host, an expired certificate, an unknown server in a high-risk country — you can trigger a full packet capture directly from the dashboard.

The system captures up to 10,000 full-size packets for up to 24 hours on the specific IP address — every byte, every header, every payload. When the capture completes, you're notified and the .pcap file is ready to download from the Rules & Actions dashboard.

Open it in Wireshark or any packet analyzer for deep forensic analysis of exactly what data was exchanged with the flagged destination. No guessing, no logs — the actual packets.

How It Works
1
Spot a bad destination
Data Travel flags it with security findings, blocklist hits, or a low grade
2
Click “Capture Packets”
Set packet count and duration — the gateway or agent starts capturing immediately
3
Come back later
The capture runs in the background — up to 4 captures simultaneously on different IPs
4
Download the .pcap
Full Wireshark-compatible capture ready in the Rules & Actions dashboard
Available on Gateway & Agent
Network gateways capture all traffic to/from the IP across every device. Device agents capture traffic specific to that machine. Both produce standard .pcap files.

N² Network Performance Testing

Test latency and throughput between any two devices in your fleet — whether they're in the same rack, different offices, or opposite sides of the planet.

Bidirectional Testing
Every test runs in both directions simultaneously — because IP networks are half-duplex and problems are directional.
Asymmetry Alerts
Automatic detection when latency or throughput differs >10% between directions — flags interface errors, congestion, and routing issues.
Path Visualization
SVG diagrams show both directions with metrics, traceroute hops, and GeoIP-enriched router locations.
NAT Traversal
Tests work across NAT boundaries via STUN/TURN relay — agents behind home routers and corporate firewalls can test each other.
With N devices, you can run N² unique test pairs — 10 devices = 90 test combinations, 50 devices = 2,450 combinations, 500 devices = 249,500 combinations

Plans for every scale

Start free. Upgrade as your network grows.

Free

$0/month
  • 3 devices
  • 7-day history
  • Security grades A-F
  • TLS & certificate analysis
  • GeoIP mapping
  • OS fingerprinting
Get Started
Coming Soon

Pro

$19/month
  • 10 devices
  • 30-day history
  • N² latency testing
  • Email alerts on D/F grades
  • Priority analysis
  • Everything in Free
Coming Soon
Coming Soon

Team

$49/month
  • 25 devices
  • 60-day history
  • N² latency + throughput
  • Bidirectional traceroute
  • Asymmetry detection
  • 3 team members
Coming Soon
Coming Soon

Business

$149/month
  • 100 devices
  • 90-day history
  • Full N² test suite
  • NAT traversal (TURN relay)
  • Scheduled recurring tests
  • Compliance reports
  • 10 team members
Coming Soon
Coming Soon

Enterprise 500

$499/month
  • 500 devices
  • 180-day history
  • Full N² (124,750 pairs)
  • Automated test scheduling
  • API access
  • SSO / SAML
  • 25 team members
  • Priority support
Coming Soon

Enterprise+

Custom
  • 1,000 — 10,000+ devices
  • 365-day history
  • On-premise deployment
  • Dedicated TURN servers
  • Custom integrations
  • Unlimited team members
  • SLA & dedicated support
  • White-label option
Contact Sales
All plans include auto-updating agents for Linux, macOS, Windows, iOS (PWA), and Chrome. Annual billing: save 20%.

Data Travel Gateway

See every device on your network. No agents to install. One appliance monitors everything.

How It Works
1
Deploy the gateway
Plug a UniFi Cloud Gateway inline between your internet connection and your network. 10G SFP+ on both sides. Fanless, silent, zero maintenance.
2
Connect to Data Travel
Enter your gateway IP in the Data Travel dashboard. We connect via secure API and SSH to collect connection data, DPI classifications, and device inventory.
3
See everything
Every device — phones, laptops, IoT, smart TVs, guest devices — appears on your dashboard with security grades, destinations, and geographic mapping. No per-device agents needed.
What You Get
Every device on your network — no agents to install
Deep Packet Inspection — app-level traffic classification
10 Gbps monitoring — SFP+ inline, zero packet loss
Fanless, silent, air-cooled — no maintenance
Security grades for every destination on every device
Geographic world map of all data flows
IoT, smart home, and guest device visibility
Device fingerprinting and identification
N² network testing between any endpoints
Combine with agents for roaming device coverage

Gateway Pricing

Gateway kit includes appliance, 2x 10G SFP+ modules, color-coded cabling, and remote-directed professional installation.

$0 upfront — gateway & installation included at $50/month added to your service plan.

Bring Your Own Hardware

$29/month
  • You provide compatible gateway
  • Remote setup assistance included
  • Up to 25 devices
  • Full security analysis
  • DPI + conntrack + GeoIP
  • 30-day history
Get Started

Gateway 1-Year

$99/month
  • $0 upfront — gateway & install included
  • $50/mo gateway + $49/mo service
  • Up to 50 devices
  • Full security analysis
  • DPI + conntrack + GeoIP
  • 90-day history
  • N² network testing
  • Year 1 total: $1,188
Contact Sales

Gateway 2-Year

$89/month
  • $0 upfront — gateway & install included
  • $50/mo gateway + $39/mo service
  • Up to 100 devices
  • Full security analysis
  • DPI + conntrack + GeoIP
  • 180-day history
  • N² testing + traceroute
  • Priority support
  • 2-year total: $2,136
Contact Sales

Gateway 3-Year

$79/month
  • $0 upfront — gateway & install included
  • $50/mo gateway + $29/mo service
  • Up to 100 devices
  • Full security analysis
  • 365-day history
  • All features included
  • Hardware replacement warranty
  • Priority support
  • 3-year total: $2,844
Contact Sales

Cloud Gateway

Same visibility for your cloud infrastructure. No hardware needed.

AWS
VPC Flow Logs + Transit Gateway monitoring
Azure
NSG Flow Logs + VNet Gateway monitoring
Google Cloud
VPC Flow Logs + Cloud Router monitoring
Contact Us for Cloud Pricing

Agent vs Gateway — Which is right for you?

AgentGatewayBoth
Sees all network devices
IoT / smart home / guests
Deep Packet Inspection
Works off-network (roaming)
Per-process identification
TCP fingerprinting
GPS location trackingmobilemobile
N² network testing
10 Gbps capable
Zero per-device install
Starting priceFree$29/mo$29/mo + agents