TNV depicts network traffic as a matrix with the packet capture timeline on the x-axis and all of the host IP addresses in the data set on the y-axis. TNV is intended for network traffic analysis for learning what constitutes 'normal' activity on a network, investigating packet details security events, or network troubleshooting. TNV can open saved tcpdump formatted files or capture live packets on the wire.

TNV's main visualization shows remote hosts along the left side and a reorderable matrix of local hosts on the right, with links drawn between them. The local host matrix shows aggregated packet activity as background color, and shows network packets as triangles, with the point representing the directionality of the packet. Packets and links are color coded to protocol, and the user can optionally show the flags for TCP packets.

By selecting a cell within the matrix, representing a local host for a certain time period, the user can show either the packet details or the port activity related to that host. The main interaction mechanism for moving through the data is a scrollbar that sets the viewable selection, while at the same time showing areas of relative network activity in a bar graph - providing an overview of the entire data set with a more detailed display in the main visualization.