PCAP

PCAP is a common term for a file containing data captured by a network sniffer. The format is used by tools such as tcpdump and Wireshark.

A pcap may contain full (complete) Ethernet frames or partial frames, depending on the snap length (snaplen) specified at the time of capture.
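To tell whether a capture holds full or partial frames, an examiner can read the snaplen from the file header and compare each record's captured length with its original length. The following is an added example, not part of the original wiki page; it assumes the classic libpcap file layout (not pcapng), the function names are hypothetical, and the sample capture is constructed in the code.

```python
import struct

# Classic libpcap magic numbers as they appear in the first four file bytes.
MAGICS = {
    b"\xd4\xc3\xb2\xa1": "<",  # little-endian, microsecond timestamps
    b"\xa1\xb2\xc3\xd4": ">",  # big-endian, microsecond timestamps
    b"\x4d\x3c\xb2\xa1": "<",  # little-endian, nanosecond timestamps
    b"\xa1\xb2\x3c\x4d": ">",  # big-endian, nanosecond timestamps
}

def summarize_pcap(data):
    """Return snaplen, link type and per-record (captured, original) lengths."""
    if len(data) < 24 or data[:4] not in MAGICS:
        raise ValueError("not a classic pcap file")
    e = MAGICS[data[:4]]
    major, minor, _zone, _sigfigs, snaplen, linktype = struct.unpack(
        e + "HHiIII", data[4:24])
    records, off = [], 24
    while off + 16 <= len(data):
        _sec, _frac, incl_len, orig_len = struct.unpack(
            e + "IIII", data[off:off + 16])
        off += 16
        if off + incl_len > len(data):
            break  # file ends mid-record (capture cut short or file damaged)
        records.append((incl_len, orig_len))
        off += incl_len
    # A record is a partial frame when fewer bytes were stored than were on the wire.
    truncated = [i for i, (inc, orig) in enumerate(records) if inc < orig]
    return {"version": (major, minor), "snaplen": snaplen, "linktype": linktype,
            "records": records, "truncated": truncated}

def build_sample(snaplen=96):
    """Constructed sample: a 60-byte frame and a 1514-byte frame cut to snaplen."""
    out = b"\xd4\xc3\xb2\xa1" + struct.pack("<HHiIII", 2, 4, 0, 0, snaplen, 1)
    for orig_len in (60, 1514):
        incl = min(orig_len, snaplen)
        out += struct.pack("<IIII", 1700000000, 0, incl, orig_len) + bytes(incl)
    return out

if __name__ == "__main__":
    info = summarize_pcap(build_sample())
    print("snaplen:", info["snaplen"], "linktype:", info["linktype"])
    for i, (inc, orig) in enumerate(info["records"]):
        state = "partial" if inc < orig else "full"
        print(f"frame {i}: captured {inc} of {orig} bytes ({state})")
```

Records listed in `truncated` are missing payload bytes beyond the snaplen, so content reconstruction from them is limited to whatever was captured.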