Skip to content
Log in

PCAP

Definition

Packet capture file. The standard format for storing captured network frames, originally defined by the libpcap library. Each record contains the raw frame bytes, a timestamp, and the captured length. The newer pcapng format extends this with interface metadata and block annotations.

Related terms

Artefact carving
Extracting embedded content from raw data by locating known file signatures (magic bytes) at byte boundaries. In PCAP analysis, this means reassembling...
Beaconing
Periodic outbound connections from a compromised host to a command-and-control server, typically at regular intervals. The regularity of the interval, measured in...
Display filter
A Wireshark filter expression applied to an already-captured PCAP file to show only packets matching specified criteria. Display filters do not delete...
Protocol dissector
A software component in a packet analyser that recognises a specific protocol and parses its header fields into named, readable values. Wireshark...
Stream reassembly
The process of collecting all the TCP segments belonging to a single connection and reordering them by sequence number to reconstruct the...

Explained in

  • Traffic Analysis and Protocol DissectionPacket capture file. The standard format for storing captured network frames, originally defined by the libpcap library. Each record contains the raw frame byt...

Your journey to becoming a forensic professional starts here.

Practice with mock tests, learn from structured notes, and get your questions answered by a global forensic community, all in one place.

Continue learningCreate Your Account