Windows NT Netmon capture file

application/vnd.tcpdump.pcap

Safe

Magic Bytes

Offset: 0
A1 B2 C3 D4

Windows NT Netmon capture file is a network data storage format developed by Microsoft for its original Network Monitor tool. It serves as a container for recorded network traffic, allowing administrators to perform detailed protocol analysis, performance monitoring, and connectivity troubleshooting. While now considered a legacy format, it remains supported by modern packet analyzers like Wireshark for reviewing historical diagnostic data and conducting digital forensics on older Windows Server environments.

Extension

.cap

MIME Type

application/vnd.tcpdump.pcap

Byte Offset

0

Risk Level

Safe

Validation Code

How to validate .cap files in Python

Python
def is_cap(file_path: str) -> bool:
    """Check if file is a valid CAP by magic bytes."""
    signature = bytes([0xA1, 0xB2, 0xC3, 0xD4])
    with open(file_path, "rb") as f:
        return f.read(4) == signature

How to validate .cap files in Node.js

Node.js
// Check whether the buffer starts with the CAP magic bytes.
function isCAP(buffer) {
  const signature = Buffer.from([0xA1, 0xB2, 0xC3, 0xD4]);
  return buffer.subarray(0, 4).equals(signature);
}
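
How to validate .cap files in Go

Go
import "bytes"

// IsCAP reports whether data begins with the CAP magic bytes.
func IsCAP(data []byte) bool {
    signature := []byte{0xA1, 0xB2, 0xC3, 0xD4}
    if len(data) < 4 {
        return false
    }
    return bytes.Equal(data[:4], signature)
}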

API Endpoint

GET /api/v1/cap
curl https://filesignature.org/api/v1/cap
