Packetman saysPacketman here. Most tools miss that an IP network is half-duplex: the path A-to-B isn't the path B-to-A — different routers, different loss. So when a link is "slow," the honest question is which direction. The mesh measures each agent-to-agent path both ways. When a number isn't enough, Advanced Packet Diagnostics captures the packets on both ends and hands you a plain-English read on which direction is hurting. That used to need a twenty-thousand-dollar analyzer. Now it's a credit.A DataStun agent doesn’t just watch traffic — paired with another agent it can measure the path between them. The mesh runs that test between every pair of your agents, and reports each direction on its own, because an IP path is half-duplex: A→B and B→A can have completely different throughput and loss. When you need proof, Advanced Packet Diagnostics captures the packets on both ends and adds an AI read of what went wrong.
Passive grading already reads kernel TCP health from real sessions on every tier. The mesh adds active measurement: paired agents run a controlled, small-burst test between themselves — smart sampling, not a bandwidth flood — so you get a deterministic number for a path you care about, on demand.
I’m PacketMan — forty-five years finding the one slow link in networks everyone else gave up on. The usual internet speed test floods hundreds of megabytes at one server to measure a single road: you, to the internet. It can’t see the path from your workstation to your file server, or branch to data center — where the real problems live.
DataStun measures those paths. Every agent tests every other — the N² mesh above — connecting directly through home routers and carrier NAT the way FaceTime does, both directions. The enterprise platforms that do a version of this price it for a network-operations team; we put it on a lightweight agent, every OS, starting in about five minutes on three agents.
No tool can promise a perfect network — nobody can. This shows you where your data goes, how the trip went each way, and which leg to fix first. It’s definitely more fun to be ready.
One mesh run yields six independent readings, reported separately for each direction. Comparing the two directions is what turns “the network feels slow” into “the outbound leg to this destination is dropping packets.”
A speed number is only as good as the method behind it. Ours is built to report what the path actually does.
No inbound port to open, no VPN required for the test itself.
| Capability | Individual | Tribe | Business | Enterprise |
|---|---|---|---|---|
| Passive TCP health grade (RTT, retransmit %, A–F) from real sessions | ✓ | ✓ | ✓ | ✓ |
| Active mesh speed test between paired agents (N²) | — | — | add-on | add-on |
| Per-direction throughput / jitter / loss / retransmit | — | — | add-on | add-on |
| Advanced Packet Diagnostics (packet capture + IO graph + TCP expert + AI) | — | — | credits | credits |
Passive grading is included on every tier at no add-on cost — the everyday health signal. Active mesh testing and Advanced Packet Diagnostics are per-agent add-ons on Business and above, so you pay for depth only on the paths that matter.
The mesh-and-capture capability isn’t science fiction — a handful of enterprise platforms do a version of it, and do it well. The honest difference is reach: what it costs, what it runs on, and how long before you see data. Here’s the landscape, by category.
| Capability | DataStun | Enterprise network-performance platform | Consumer speed test |
|---|---|---|---|
| Tests the path between your own machines (agent-to-agent, N² mesh) | ✓ | ✓ | — |
| Measures each direction separately (half-duplex) | ✓ | ✓ | one path only |
| Captures packets on the endpoint with nothing installed | ✓ | via its own probe | — |
| Decodes the capture + plain-English AI read, in-product | ✓ | premium tier | — |
| Smart-sampling bursts, not a brute-force flood | ✓ | varies | flood |
| Runs on any Windows / macOS / Linux endpoint, beside your security agent | ✓ | varies / appliance | n/a |
| Time to first data | ~5 min, 3 agents | rollout project (weeks–months) | instant |
| Pricing model | Individual tier; credits / per-agent add-on | annual contract, consumption units | free |
Here’s what bothers us: capability like this is marketed to the Fortune 500 — priced, packaged, and staffed for organizations with a network-operations budget and a team to run it. The small business, the school, the nonprofit, the family watching over a parent’s laptop — the people who need the same visibility and the same safety — were never the intended customer. They’re ours.
Comparison reflects publicly documented capabilities and pricing models of representative tools in each category as of May 2026, described by category rather than by name. The enterprise platforms do much of what the mesh does — the gap is what it takes to get there: an annual contract, per-unit licensing, and a deployment built for a dedicated network team. A consumer speed test measures one path to one server by flooding it, and can’t see the paths inside your own infrastructure at all.
Even a large organization can run DataStun on top of the security stack it already has — in minutes, without a migration.
A throughput number tells you that a path is hurting. APD tells you why. Tick one box and both agents capture the actual packets of that test — filtered to the test itself, bounded in time, then removed from the agent after upload. What comes back is a forensic packet trace, charted and explained.
You start a mesh test and tick “capture packets.”
Both agents record only this test’s flow, auto-stopping when it ends.
Each side uploads its .pcapng to your tenant, then deletes the local copy.
IO graph per direction + TCP expert analysis (retransmits, dup-ACKs, out-of-order, zero-window).
An AI read names the hurting direction and likely cause — in plain English.
Packet loss on the forward path is driving repeated retransmissions and out-of-order delivery. The reverse direction is unaffected — the problem is asymmetric.
Investigate the A→B uplink for loss — ISP saturation, QoS drops, or routing asymmetry on that leg.
Sample of the AI read that accompanies a captured run. It’s advisory — it explains the measured numbers, it never changes them — and the analysis runs inside your tenant, not in any shared service.
Reading a packet trace used to be a specialist skill. PacketMan — the same AI expert built into your dashboard — reads the run for you: per-direction throughput, the retransmit split, the TCP expert events, the shape of the IO graph. He hands back a diagnosis a human can act on: a headline, the direction that’s hurting, the likely cause, the evidence (citing the actual numbers and events), and a recommended next step.
That makes the same forensic signal legible to whoever is on call — the operator triaging a fleet who can’t open every .pcapng, or someone trying to fix a parent’s connection from two states away. It’s advisory: it explains the measured numbers, it never changes them. And it runs inside your tenant — the trace and its analysis stay with you, never routed through any shared service.
And to be clear about what he’s reading: PacketMan analyzes the test packets between your two agents — not your users’ traffic. DataStun does not inspect the contents of your communications.
The IO graph above comes from a real packet trace. That trace is yours twice over: keep the raw frames for your own deep dive, and let PacketMan turn them into a diagnosis.
| No. | Time | Source | Destination | Proto | Len | Info |
|---|---|---|---|---|---|---|
| 1 | 0.000000 | 10.0.0.12 | 203.0.113.45 | TCP | 74 | 54321 → 443 [SYN] Seq=0 |
| 2 | 0.031208 | 203.0.113.45 | 10.0.0.12 | TCP | 74 | 443 → 54321 [SYN, ACK] |
| 3 | 0.031284 | 10.0.0.12 | 203.0.113.45 | TCP | 66 | 54321 → 443 [ACK] |
| 4 | 0.032015 | 10.0.0.12 | 203.0.113.45 | TLSv1.3 | 583 | Client Hello (SNI api.example.com) |
| 5 | 0.064102 | 203.0.113.45 | 10.0.0.12 | TCP | 1514 | 443 → 54321 [ACK] Len=1448 |
| 6 | 0.298551 | 203.0.113.45 | 10.0.0.12 | TCP | 1514 | [TCP Retransmission] 443 → 54321 |
| 7 | 0.298644 | 10.0.0.12 | 203.0.113.45 | TCP | 66 | [TCP Dup ACK 5#1] 54321 → 443 |
Download the .pcapng and dive in frame by frame. The raw evidence is yours to keep — and to attach to a ticket. No capture tooling was installed to produce it.
The trace is decoded and handed to PacketMan, who returns the direction that’s hurting, the likely cause, the evidence, and the next step.
Reading a trace at this level is a rare, expensive skill — close to a lost art, and hard to keep on call even where the experts exist. DataStun deploys that expertise as PacketMan, on every run, for everyone — while the raw trace stays yours to open in Wireshark anytime.
.pcapng → Wireshark. Every captured run gives you a downloadable capture per direction. Open it in Wireshark for the deepest dive — your tenant holds the file.Retransmits are counted per direction by the sending side. When the forward stream shows hundreds and the reverse shows zero, you know the loss is on the outbound leg — not a vague “the link is slow.”
The same TCP expert analysis Wireshark runs — retransmissions, duplicate ACKs, out-of-order, zero-window — with counts, plus the flagged frames. Independent, on-the-wire confirmation of the numbers.
Every captured run gives you a real .pcapng per direction. Download it and open it in Wireshark for the deepest dive — your tenant holds the file.
A capture that shows loss on the outbound path, charted and timestamped, is the evidence that turns “it feels slow” into a support ticket your carrier has to answer.
The deepest packet analysis on earth is worthless to the person who has to answer for the network but was never trained to read a trace. Here’s why that gap is the one DataStun was built to close — from the seat that owns the problem.
Iris Locke
DataStun’s leadership voice
I speak for the people who own endpoint security and somehow also own “why is the fourth floor like this?” The scene: every real-time call up there stutters and drops. The techs can’t reproduce it from their desks, so it sits open for weeks — until someone captures packets they were never trained to read. The evidence is right there, and useless.
It shouldn’t take more than that — nothing installed, nobody learning to read a trace. End users stop being your monitoring system. The packet expertise that’s rare and costly to hire lives in the software: Bill Alderson’s forty-five years, as PacketMan.
What I can take to a board: the enterprise tools that do a version of this take a rollout measured in months; this takes about five minutes, on three agents, free.
Help in three layers: PacketMan AI → your admin → the DataStun team — no ticket queue to start over in.
APD is credit-based: one credit per captured run, credits don’t expire, and a failed or canceled run refunds automatically. Buy depth for the agents and paths that matter — not a flat fee across every laptop.
No setup: the agent captures with the facility already on the device — nothing installed, no inbound port, no SSH — and all decoding happens server-side.
See pricing & add-ons →Passive performance grading — kernel-native latency and retransmit readings, graded A–F per device and per app on a 24-hour timeline — runs included on every tier. It points you at the handful of machines actually struggling.
APD is the next step down: when the grade says a path is hurting, capture it and find out why. The everyday signal narrows the search; the packet trace closes it.
See passive performance →We document our measurement methods in the open — the dispersion math, the trust layer that catches buffer-faked speeds, and the peer-to-peer mesh that reaches across NATs without routing your traffic through anyone’s servers.