PCAP (packet capture file)
Definition
A binary file format that stores raw network traffic captured from a network interface. Tools such as Wireshark, tcpdump, and Zeek read PCAP files and decode the encapsulated protocol headers at each layer.
Related terms
- DNS query log: A record maintained by a DNS resolver listing each domain name query, the requesting IP address, the response, and the timestamp. DNS...
- Encapsulation: The process by which each OSI layer wraps the payload from the layer above it inside its own header (and sometimes trailer)....
- Protocol Data Unit (PDU): The named unit of data at each OSI layer: a frame at Layer 2, a packet at Layer 3, a segment at...
- Server Name Indication (SNI): A TLS extension sent in plaintext in the Client Hello message that identifies the hostname the client intends to reach. SNI is...
- TCP three-way handshake: The connection establishment sequence in TCP: the client sends SYN, the server responds SYN-ACK, and the client completes with ACK. The timestamps...
Explained in
- The OSI Model and Protocols for Network Investigators