libpcap/tcpdump packet capture (.dmp)

.dmp file signature | application/vnd.tcpdump.pcap

libpcap/tcpdump packet capture (DMP) is a file format used to store network traffic captures, originally developed for the tcpdump and libpcap projects and maintained through their open-source ecosystem. It is commonly used for network analysis, troubleshooting, intrusion detection, and forensic review in tools such as tcpdump, Wireshark, and related packet inspection software. The format is generally safe, though captured data may contain sensitive information and should be handled accordingly.

Safe

Magic Bytes

Offset 0
A1 B2 C3 D4

Sources: Apache Tika

All Known Signatures

5 signature variants are documented for .dmp files across multiple sources.

Hex Signature | Offset | Sources
--- | --- | ---
A1 B2 C3 D4 | 0 | Apache Tika
D4 C3 B2 A1 | 0 | Apache Tika
4D 44 4D 50 93 A7 | 0 | Gary Kessler
50 41 47 45 44 55 36 34 | 0 | Gary Kessler
50 41 47 45 44 55 4D 50 | 0 | Gary Kessler

Extension

.dmp

MIME Type

application/vnd.tcpdump.pcap

Byte Offset

0

Risk Level

Safe

Validation Code

How to validate .dmp files in Python

Python
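def is_dmp(file_path: str) -> bool:
    """Check if file is a valid DMP by magic bytes."""
    # Primary signature only (A1 B2 C3 D4); the other variants listed
    # under "All Known Signatures" are not matched by this check.
    signature = bytes([0xA1, 0xB2, 0xC3, 0xD4])
    with open(file_path, "rb") as f:
        # A file shorter than 4 bytes yields a short read and compares unequal
        return f.read(4) == signature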

How to validate .dmp files in Node.js

Node.js
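// TypeScript signature; Buffer is a Node.js global, so no import is needed.
function isDMP(buffer: Buffer): boolean {
  // Primary signature only (A1 B2 C3 D4)
  const signature = Buffer.from([0xA1, 0xB2, 0xC3, 0xD4]);
  // subarray() clamps to the buffer length, so short input compares unequal
  return buffer.subarray(0, 4).equals(signature);
}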

How to validate .dmp files in Go

Go
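import "bytes"

// IsDMP reports whether data starts with the primary signature (A1 B2 C3 D4).
func IsDMP(data []byte) bool {
    signature := []byte{0xA1, 0xB2, 0xC3, 0xD4}
    // Guard the slice below against inputs shorter than the signature
    if len(data) < 4 {
        return false
    }
    return bytes.Equal(data[:4], signature)
}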
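
The snippets above match one signature. As an added example (not code from this page or from the libpcap project), the following classifies a buffer against all five signatures in the table and, for the two pcap forms, reads the header fields in the byte order the magic number indicates, so a file named .dmp is only handed to a pcap parser when it really is one. The 24-byte header layout and the names `classify_dmp`, `SIGNATURES` and `SAMPLE` are assumptions of this example, and the sample input is constructed.

```python
import struct

# The five signatures from the table above. The labels on the three Gary Kessler
# rows are just the ASCII reading of the listed hex; they are not libpcap headers.
SIGNATURES = [
    (bytes.fromhex("A1B2C3D4"), "pcap"),          # big-endian on disk
    (bytes.fromhex("D4C3B2A1"), "pcap-swapped"),  # little-endian on disk
    (bytes.fromhex("4D444D5093A7"), "MDMP"),
    (bytes.fromhex("5041474544553634"), "PAGEDU64"),
    (bytes.fromhex("5041474544554D50"), "PAGEDUMP"),
]


def classify_dmp(data: bytes) -> dict:
    """Identify which listed .dmp signature a buffer starts with."""
    label = next((name for sig, name in SIGNATURES if data.startswith(sig)), None)
    if label is None:
        return {"kind": "unknown"}
    if not label.startswith("pcap"):
        return {"kind": label}
    # Assumption (not from the page): standard 24-byte libpcap global header,
    # magic, version major/minor, timezone, sigfigs, snaplen, link type.
    if len(data) < 24:
        return {"kind": "pcap", "error": "truncated header"}
    order = ">" if label == "pcap" else "<"
    major, minor, _tz, _sig, snaplen, linktype = struct.unpack(
        order + "HHiIII", data[4:24]
    )
    return {
        "kind": "pcap",
        "byte_order": "big" if order == ">" else "little",
        "version": (major, minor),
        "snaplen": snaplen,
        "linktype": linktype,
    }


# Constructed sample: little-endian header, version 2.4, snaplen 65535, link type 1.
SAMPLE = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)

if __name__ == "__main__":
    print(classify_dmp(SAMPLE))
    print(classify_dmp(b"MDMP\x93\xa7" + bytes(26)))
```

A result of `unknown`, a non-pcap label, or a `truncated header` error is the cue to keep the file away from packet-analysis tooling and route it elsewhere.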

API Endpoint

GET /api/v1/dmp
curl https://filesignature.org/api/v1/dmp

See the full API documentation for all endpoints and parameters.

Frequently Asked Questions

What is a .dmp file?

A .dmp file is a libpcap/tcpdump packet capture file. libpcap/tcpdump packet capture (DMP) is a file format used to store network traffic captures, originally developed for the tcpdump and libpcap projects and maintained through their open-source ecosystem. It is commonly used for network analysis, troubleshooting, intrusion detection, and forensic review in tools such as tcpdump, Wireshark, and related packet inspection software. The format is generally safe, though captured data may contain sensitive information and should be handled accordingly.

What are the magic bytes for .dmp files?

The magic bytes for libpcap/tcpdump packet capture files are A1 B2 C3 D4 at byte offset 0; the signature list on this page also gives the byte-swapped form D4 C3 B2 A1. These bytes uniquely identify the file format regardless of the file extension.

How do I validate a .dmp file?

To validate a .dmp file, read the first bytes of the file and compare them against the known magic bytes (A1 B2 C3 D4) at offset 0. This is more reliable than checking the file extension alone, as extensions can be renamed.

What is the MIME type for .dmp files?

The primary MIME type for .dmp files is application/vnd.tcpdump.pcap.

Is it safe to open .dmp files?

libpcap/tcpdump packet capture (.dmp) files are generally safe to open. They are classified as low risk because they primarily contain data rather than executable code. However, always ensure files come from a trusted source.