{"success":true,"data":{"ext":"cap","name":"Windows NT Netmon capture file","description":"The CAP file format is a packet capture format associated with Microsoft Windows NT Network Monitor and related tools, and is maintained through legacy support in network analysis software. It is used to store captured network traffic for inspection, troubleshooting, and protocol analysis in utilities such as Network Monitor, Sniffer, and compatible analyzers. The format is legacy and may appear in older systems; files are generally safe, though packet contents should be handled carefully as with any capture.","mime":["application/vnd.tcpdump.pcap"],"risk_level":"Safe","signatures":[{"hex":"A1 B2 C3 D4","offset":0,"sources":[{"name":"Apache Tika","url":"https://raw.githubusercontent.com/apache/tika/main/tika-core/src/main/resources/org/apache/tika/mime/tika-mimetypes.xml"}],"endianness":"big"},{"hex":"D4 C3 B2 A1","offset":0,"sources":[{"name":"Apache Tika","url":"https://raw.githubusercontent.com/apache/tika/main/tika-core/src/main/resources/org/apache/tika/mime/tika-mimetypes.xml"}],"endianness":"little"},{"hex":"52 54 53 53","offset":0,"sources":[{"name":"Gary Kessler","url":"https://www.garykessler.net/library/file_sigs_GCK_latest.html"}]},{"hex":"58 43 50 00","offset":0,"sources":[{"name":"Gary Kessler","url":"https://www.garykessler.net/library/file_sigs_GCK_latest.html"}]}],"related":["dmp","pcap"],"usage":{"python":"def is_cap(file_path: str) -> bool:\n    \"\"\"Check if file is a valid CAP by magic bytes.\"\"\"\n    signature = bytes([0xA1, 0xB2, 0xC3, 0xD4])\n    with open(file_path, \"rb\") as f:\n        return f.read(4) == signature","node":"function isCAP(buffer: Buffer): boolean {\n  const signature = Buffer.from([0xA1, 0xB2, 0xC3, 0xD4]);\n  return buffer.subarray(0, 4).equals(signature);\n}","go":"func IsCAP(data []byte) bool {\n    signature := []byte{0xA1, 0xB2, 0xC3, 0xD4}\n    if len(data) < 4 {\n        return false\n    }\n    return bytes.Equal(data[:4], signature)\n}"}}}