Packet Capture Data
3.4 | 56 Votes
What is a PCAP file?
A PCAP file is a packet capture created by Wireshark, a free network data analysis program. It contains network packet data that Wireshark intercepted and logged while monitoring a network. Network administrators use PCAP files to diagnose network problems and detect malicious network activity.
In addition to a record of a packet's contents, each PCAP file also contains metadata about the captured packet. For example, PCAP files specify a packet's source and destination, the protocol used to send the packet, and the time at which the packet was sent.
NOTE: While Wireshark is the most common program used to create PCAP files, several other packet capture programs also save captures in the PCAP format.
How to open a PCAP file
You can open a PCAP file with Wireshark. To do so:
- Select File → Open from Wireshark's menu bar.
- Navigate to and open your PCAP file.
You can also open PCAP files with several other packet analysis programs, including Netresec NetworkMiner (Windows, Linux) and A-Packets (Web).