PCAP

From ForensicsWiki

PCAP is a common term for a file containing data captured by a network sniffer. This format is used by tools such as tcpdump and Wireshark.

A pcap may contain full (complete) Ethernet frames or partial frames, depending on the snap length (snaplen) specified at the point of capture.
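
To check whether a capture holds full or partial frames, compare each record's captured length with its original on-the-wire length. The following is an added example, not part of the original wiki page; it assumes the classic pcap layout (24-byte global header, 16-byte record headers, not pcapng), and the sample bytes are constructed for illustration.

```python
import struct

# Classic pcap magic numbers (microsecond and nanosecond timestamp variants).
MAGICS = {0xA1B2C3D4, 0xA1B23C4D}

def scan_pcap(data):
    """Return (snaplen, linktype, records); each record is (incl_len, orig_len, truncated)."""
    if len(data) < 24:
        raise ValueError("shorter than the 24-byte pcap global header")
    # The magic number reveals the byte order the capturing host wrote in.
    for endian in ("<", ">"):
        if struct.unpack(endian + "I", data[:4])[0] in MAGICS:
            break
    else:
        raise ValueError("not a classic pcap file (pcapng uses a different layout)")
    # Fields: magic, version major/minor, thiszone, sigfigs, snaplen, link type.
    _, _, _, _, _, snaplen, linktype = struct.unpack(endian + "IHHiIII", data[:24])
    records, off = [], 24
    while off < len(data):
        if off + 16 > len(data):
            raise ValueError("truncated record header at offset %d" % off)
        # Fields: ts_sec, ts_frac, captured length, original length on the wire.
        _, _, incl_len, orig_len = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        if incl_len > len(data) - off:
            raise ValueError("record claims more bytes than the file holds")
        # A frame is partial when fewer bytes were saved than were on the wire.
        records.append((incl_len, orig_len, incl_len < orig_len))
        off += incl_len
    return snaplen, linktype, records

def build_sample(endian="<"):
    """Constructed sample: snaplen 64, a 60-byte frame kept whole, a 1514-byte frame cut to 64."""
    hdr = struct.pack(endian + "IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 64, 1)  # link type 1 = Ethernet
    full = struct.pack(endian + "IIII", 0, 0, 60, 60) + bytes(60)
    cut = struct.pack(endian + "IIII", 0, 1, 64, 1514) + bytes(64)
    return hdr + full + cut

if __name__ == "__main__":
    snaplen, linktype, records = scan_pcap(build_sample())
    print("snaplen", snaplen, "linktype", linktype)
    for i, (incl, orig, trunc) in enumerate(records):
        print(i, incl, orig, "PARTIAL" if trunc else "full")
```

Records flagged as partial carry only the first snaplen bytes of the frame, so payload-level analysis of those packets is limited to what was captured.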