PCAP
application/vnd.tcpdump.pcap
Magic Bytes
Offset: 0
D4 C3 B2 A1
The Packet Capture (PCAP) format is a standardized data storage specification originally developed for the libpcap library by the tcpdump project authors. It serves as a primary method for recording and analyzing network traffic, utilized extensively by administrators and security professionals through tools such as Wireshark. While largely superseded by the enhanced PCAPNG format, legacy PCAP files maintain widespread support for cross-platform compatibility and historical data logging in digital forensic investigations.
Validation Code
How to validate .pcap files in Python
Python
def is_pcap(file_path: str) -> bool:
    """Check whether the file starts with the PCAP magic bytes D4 C3 B2 A1."""
    signature = bytes([0xD4, 0xC3, 0xB2, 0xA1])
    with open(file_path, "rb") as f:
        # A file shorter than 4 bytes yields a short read and compares unequal.
        return f.read(4) == signature
How to validate .pcap files in Node.js
Node.js
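// Written with TypeScript type annotations; remove them to run as plain JavaScript.
function isPCAP(buffer: Buffer): boolean {
    const signature = Buffer.from([0xD4, 0xC3, 0xB2, 0xA1]);
    // A buffer shorter than 4 bytes yields a shorter slice and compares unequal.
    return buffer.subarray(0, 4).equals(signature);
}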
Go
import "bytes"

// IsPCAP reports whether data starts with the PCAP magic bytes D4 C3 B2 A1.
func IsPCAP(data []byte) bool {
	signature := []byte{0xD4, 0xC3, 0xB2, 0xA1}
	if len(data) < 4 {
		return false
	}
	return bytes.Equal(data[:4], signature)
}
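The checks above compare only the first four bytes. As an added example (not code from the original page), the Python below parses the full 24-byte classic PCAP global header and goes beyond the page's single signature: it also accepts the big-endian and nanosecond-resolution magic values and rejects PCAPNG. The names `parse_pcap_header` and `looks_like_pcap` and the sample headers are constructed for illustration.

```python
import struct

# First four bytes on disk -> (struct byte-order prefix, timestamp resolution).
PCAP_MAGICS = {
    bytes.fromhex("d4c3b2a1"): ("<", "microsecond"),  # signature listed on this page
    bytes.fromhex("a1b2c3d4"): (">", "microsecond"),  # written by a big-endian host
    bytes.fromhex("4d3cb2a1"): ("<", "nanosecond"),
    bytes.fromhex("a1b23c4d"): (">", "nanosecond"),
}
PCAPNG_MAGIC = bytes.fromhex("0a0d0d0a")  # pcapng Section Header Block type
HEADER_LEN = 24  # magic, version major/minor, thiszone, sigfigs, snaplen, linktype


def parse_pcap_header(data: bytes) -> dict:
    """Parse the classic pcap global header; raise ValueError if it is not one."""
    magic = data[:4]
    if magic == PCAPNG_MAGIC:
        raise ValueError("pcapng capture, not classic pcap")
    if magic not in PCAP_MAGICS:
        raise ValueError("unrecognised magic bytes")
    if len(data) < HEADER_LEN:
        raise ValueError("truncated global header")
    order, resolution = PCAP_MAGICS[magic]
    major, minor, _zone, _sigfigs, snaplen, linktype = struct.unpack(
        order + "HHiIII", data[4:HEADER_LEN])
    if major != 2:  # classic pcap files are version 2.x (normally 2.4)
        raise ValueError(f"unexpected version {major}.{minor}")
    return {"byte_order": "little" if order == "<" else "big",
            "resolution": resolution, "version": (major, minor),
            "snaplen": snaplen, "linktype": linktype}


def looks_like_pcap(data: bytes) -> bool:
    """Boolean wrapper for callers that only need accept/reject."""
    try:
        parse_pcap_header(data)
        return True
    except ValueError:
        return False


# Constructed sample headers (not from a real capture): snaplen 65535, linktype 1.
SAMPLE_LE = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
SAMPLE_BE_NS = struct.pack(">IHHiIII", 0xA1B23C4D, 2, 4, 0, 0, 65535, 1)

if __name__ == "__main__":
    print(parse_pcap_header(SAMPLE_LE))
    print(looks_like_pcap(SAMPLE_LE[:4]), looks_like_pcap(PCAPNG_MAGIC + bytes(20)))
```

A file that carries the right magic bytes but a truncated or malformed header is rejected here, which a four-byte comparison alone would accept.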
API Endpoint
GET
/api/v1/pcap
curl https://filesignature.org/api/v1/pcap