PCAP (.pcap)
.pcap file signature | application/vnd.tcpdump.pcap
Libpcap File Format (nanosecond-resolution)[2]
Magic Bytes
Offset 0
D4 C3 B2 A1
Sources: Apache Tika, Wikipedia
All Known Signatures
3 signature variants are documented for .pcap files across multiple sources.
| Hex Signature | Offset | Sources |
|---|---|---|
| D4 C3 B2 A1 | 0 | Apache Tika, Wikipedia |
| A1 B2 C3 D4 | 0 | Apache Tika |
| 4D 3C B2 A1 | 0 | Wikipedia |
Extension
.pcap
MIME Type
application/vnd.tcpdump.pcap
Byte Offset
0
Risk Level
Safe
Validation Code
How to validate .pcap files in Python
def is_pcap(file_path: str) -> bool:
"""Check if file is a valid PCAP by magic bytes."""
signature = bytes([0xD4, 0xC3, 0xB2, 0xA1])
with open(file_path, "rb") as f:
return f.read(4) == signatureHow to validate .pcap files in Node.js
function isPCAP(buffer: Buffer): boolean {
const signature = Buffer.from([0xD4, 0xC3, 0xB2, 0xA1]);
return buffer.subarray(0, 4).equals(signature);
}How to validate .pcap files in Go
func IsPCAP(data []byte) bool {
signature := []byte{0xD4, 0xC3, 0xB2, 0xA1}
if len(data) < 4 {
return false
}
return bytes.Equal(data[:4], signature)
}API Endpoint
/api/v1/pcap
curl https://filesignature.org/api/v1/pcap
See the full API documentation for all endpoints and parameters.
Frequently Asked Questions
What is a .pcap file?
A .pcap file is a PCAP file. Libpcap File Format (nanosecond-resolution)[2]
What are the magic bytes for .pcap files?
The magic bytes for PCAP files are D4 C3 B2 A1 at byte offset 0. These bytes uniquely identify the file format regardless of the file extension.
How do I validate a .pcap file?
To validate a .pcap file, read the first bytes of the file and compare them against the known magic bytes (D4 C3 B2 A1) at offset 0. This is more reliable than checking the file extension alone, as extensions can be renamed.
What is the MIME type for .pcap files?
The primary MIME type for .pcap files is application/vnd.tcpdump.pcap.
Is it safe to open .pcap files?
PCAP (.pcap) files are generally safe to open. They are classified as low risk because they primarily contain data rather than executable code. However, always ensure files come from a trusted source.