ExaVolume, part of the Vantage Platform, is a virtual filesystem for packet captures. Turn a 10 TB capture into manageable 1 GB files that Wireshark can read. Indexes, sidecars, metadata, and security-bound projections — all virtual, all on demand.
Virtual projections break massive captures into files any tool can open. No copying. No splitting. No storage overhead.
ExaVolume, part of the Vantage Platform, is a local storage volume that wraps raw capture files with sidecars, indexes, statistics, and metadata. Our virtual filesystem engine mounts the volume and projects virtual directories and files on demand.
RAW STORAGE EXAVOLUME VIRTUAL FILESYSTEM PROJECTIONS capture-2025.pcapng (10 TB) ExaVolume mounts raw files /mnt/exavolume/ with indexes, tokens, and README.txt All metadata hidden in: statistics .exavolume/ .exavolume/ config.yaml, stats.json config.yaml SDK modules read/write stats.json through the volume API scope=capture/ indexes/ year=2025/ capture-2025.six Virtual filesystem engine month=02/ capture-2025.dix projects virtual directories day=24/ tokens/ with explicit key=value naming hour=08.pcapng (1 GB) capture-2025.tokens hour=09.pcapng (1 GB) metadata/ Every directory has an hour=10.pcapng (1 GB) flows.json auto-generated README.txt scope=ids/ All projections are virtual severity=critical/ No data is copied or moved year=2025/month=02/alerts.eve.json Files are 100% valid PCAPNG severity=high/ ...
Use Vantage Query to define exactly what you want to see. The virtual filesystem engine generates files on demand — filtered, sliced, reassembled, decrypted (if authorized), and compliant.
ExaVolume starts as single-node storage with virtual projections. When you outgrow a single server, the Vantage Platform provides distributed storage — scaling seamlessly across multiple nodes with the same API, same projections, and same sidecar format. No rewrite required.
| Capability | ExaVolume (Standalone) | Vantage Platform (Distributed) |
|---|---|---|
| Scope | Single node, local storage | Multi-node cluster, distributed |
| Storage | Local disks | Distributed block storage |
| Virtual filesystem projections | Full support | Full support, spanning nodes |
| Sidecars & indexes | SIX, DIX, tokens, metadata | Same, distributed |
| Security levels | 0–20 | 0–20 with federation |
| Capacity | Single server limits | Exabyte-scale across cluster |
| Redundancy | Local RAID only | Distributed redundancy, geo-redundant |
Same virtual filesystem API. Same projections. Same sidecar format. Start with ExaVolume on a single server. Scale to distributed storage with the Vantage Platform when you need multi-node capacity.
ExaViewer reads from ExaVolume Analysis UI ←————————→ Virtual filesystem Virtual projections ExaCapture writes to Sidecar indexes Capture daemon ←————————→ Analysis tokens Security binding Wireshark reads projected tcpdump files directly Any tool that reads Zeek from virtual mount PCAPNG works here │ ▼ Vantage Platform (2026) ExaVolume → Distributed Storage Local → Multi-node scale Same API, same format
Schedule a demo to see ExaVolume projections in action.