What is a .PCAP file?
PCAP records raw network traffic for analysis. Opened by Wireshark and tcpdump.
- Did you know
- The pcap format comes from the tcpdump network tool, and captures are usually opened in Wireshark.
- The pcap format came out of the libpcap and tcpdump work at Lawrence Berkeley Laboratory in the late 1980s.
- A pcap begins with a magic number that also signals the file’s byte order to whatever reads it.
- What Analyser reads
- Inspect security and crypto files: PEM private/public keys (RSA/EC/Ed25519, PKCS#1 vs PKCS#8, encryption), OpenSSH .pub with SHA-256 fingerprint, PuTTY .ppk, PKCS#10 CSR, X.509 CRL, PKCS#7 bundles, OpenVPN/WireGuard configs, Java KeyStores, Apple .mobileconfig/.mobileprovision, Windows .reg (with autorun flagging), and pcap/pcapng captures - warning when a private key or secret is present.
- Depth of analysis
- .PCAP is an identification-grade format: Analyser recognises it from its bytes and decodes the header metadata it carries, rather than opening it in a full viewer. Formats that do get a full viewer are marked "Full" on the formats page.
- Open a .PCAP file
- Drag a .PCAP file onto the Analyser home page (or tap to pick one). It is identified entirely in your browser - nothing is uploaded, there is no account, and it works offline once installed.