Windows NT Netmon capture file (.cap)
.cap file signature | application/vnd.tcpdump.pcap
Cinco NetXRay, Network General Sniffer, and Network Associates Sniffer capture file
Magic Bytes
Offset 0
A1 B2 C3 D4
Sources: Apache Tika
All Known Signatures
4 signature variants are documented for .cap files across multiple sources.
| Hex Signature | Offset | Sources |
|---|---|---|
| A1 B2 C3 D4 | 0 | Apache Tika |
| D4 C3 B2 A1 | 0 | Apache Tika |
| 52 54 53 53 | 0 | Gary Kessler |
| 58 43 50 00 | 0 | Gary Kessler |
Extension
.cap
MIME Type
application/vnd.tcpdump.pcap
Byte Offset
0
Risk Level
Safe
Validation Code
How to validate .cap files in Python
def is_cap(file_path: str) -> bool:
    """Check if file is a valid CAP by magic bytes."""
    # Only the primary signature (A1 B2 C3 D4 at offset 0) is checked.
    signature = bytes([0xA1, 0xB2, 0xC3, 0xD4])
    with open(file_path, "rb") as f:
        return f.read(4) == signature
How to validate .cap files in Node.js
// Type annotations are TypeScript; a buffer shorter than 4 bytes compares unequal.
function isCAP(buffer: Buffer): boolean {
  const signature = Buffer.from([0xA1, 0xB2, 0xC3, 0xD4]);
  return buffer.subarray(0, 4).equals(signature);
}
How to validate .cap files in Go
import "bytes"

// IsCAP reports whether data begins with the primary signature A1 B2 C3 D4.
func IsCAP(data []byte) bool {
	signature := []byte{0xA1, 0xB2, 0xC3, 0xD4}
	if len(data) < 4 {
		return false
	}
	return bytes.Equal(data[:4], signature)
}
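The snippets above accept any input whose first four bytes are A1 B2 C3 D4. As an added example (not code from this page or its API), the Python below matches all four signatures from the table and, for the two pcap byte orders, also checks that a complete 24-byte global header follows. The header layout and the expected version 2.4 are assumptions taken from the classic libpcap file format, not from this page; `classify_cap`, `CAP_SIGNATURES` and the sample blobs are names and data constructed for illustration.

```python
import struct

PCAP_HEADER_LEN = 24  # magic + version + thiszone + sigfigs + snaplen + linktype

# The four offset-0 signatures from the table above. The second field is the
# struct byte-order prefix for the two pcap magics (assumption: classic libpcap
# header layout); None where this page documents nothing beyond the magic.
# "RTSS" and "XCP" are simply the ASCII rendering of those signature bytes.
CAP_SIGNATURES = {
    bytes.fromhex("A1B2C3D4"): ("pcap, big-endian", ">"),
    bytes.fromhex("D4C3B2A1"): ("pcap, little-endian", "<"),
    bytes.fromhex("52545353"): ("RTSS", None),
    bytes.fromhex("58435000"): ("XCP", None),
}


def classify_cap(data: bytes) -> dict:
    """Match the leading bytes against all four signatures; for pcap magics,
    also check that a complete, plausible global header follows."""
    entry = CAP_SIGNATURES.get(bytes(data[:4]))
    if entry is None:
        return {"variant": None, "header_ok": False}
    variant, order = entry
    if order is None:
        return {"variant": variant, "header_ok": None}  # magic-only match
    if len(data) < PCAP_HEADER_LEN:
        return {"variant": variant, "header_ok": False}  # truncated header
    major, minor, _zone, _sigfigs, snaplen, linktype = struct.unpack(
        order + "HHiIII", data[4:PCAP_HEADER_LEN])
    # Assumption: version 2.4, the version of the classic pcap format.
    return {"variant": variant, "header_ok": (major, minor) == (2, 4),
            "snaplen": snaplen, "linktype": linktype}


def classify_cap_file(path: str) -> dict:
    """Read only the header bytes from disk and classify them."""
    with open(path, "rb") as f:
        return classify_cap(f.read(PCAP_HEADER_LEN))


# Constructed sample inputs (not real captures).
GOOD_LE = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
GOOD_BE = struct.pack(">IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
MAGIC_ONLY = bytes.fromhex("A1B2C3D4") + b"not a capture header"
TRUNCATED = bytes.fromhex("D4C3B2A1") + b"\x02\x00"

if __name__ == "__main__":
    for name, blob in [("GOOD_LE", GOOD_LE), ("GOOD_BE", GOOD_BE),
                       ("MAGIC_ONLY", MAGIC_ONLY), ("TRUNCATED", TRUNCATED),
                       ("RTSS", b"RTSS"), ("other", b"\x7fELF")]:
        print(name, classify_cap(blob))
```

`MAGIC_ONLY` passes a four-byte comparison yet fails the header check, which is the case an upload filter or triage script should handle before handing the file to a capture parser.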
API Endpoint
/api/v1/cap
curl https://filesignature.org/api/v1/cap
See the full API documentation for all endpoints and parameters.
Frequently Asked Questions
What is a .cap file?
A .cap file is a Windows NT Netmon capture file. The extension is also used for Cinco NetXRay, Network General Sniffer, and Network Associates Sniffer capture files.
What are the magic bytes for .cap files?
The magic bytes for Windows NT Netmon capture files are A1 B2 C3 D4 at byte offset 0. These bytes uniquely identify the file format regardless of the file extension.
How do I validate a .cap file?
To validate a .cap file, read the first bytes of the file and compare them against the known magic bytes (A1 B2 C3 D4) at offset 0. This is more reliable than checking the file extension alone, as extensions can be renamed.
What is the MIME type for .cap files?
The primary MIME type for .cap files is application/vnd.tcpdump.pcap.
Is it safe to open .cap files?
Windows NT Netmon capture file (.cap) files are generally safe to open. They are classified as low risk because they primarily contain data rather than executable code. However, always ensure files come from a trusted source.