Development/LibpcapFileFormat. The libpcap file format is the main capture file format used in TcpDump/WinDump, Wireshark/TShark, snort, and many other networking tools. Overview This file format is a very basic format to save captured network data. As the libpcap library became the "de facto" standard of network capturing on UN*X, it became the "common denominator" for network capture files in the open source world (there seems to be no such thing as a "common denominator" in the commercial network capture world at all).
Libpcap, and the Windows port of libpcap, WinPcap, use the same file format. Although it's sometimes assumed that this file format is suitable for Ethernet networks only, it can serve many different network types, examples can be found at the Wireshark's Supported Capture Media page; all listed types are handled by the libpcap file format.
The proposed file extension for libpcap based files is: .pcap Wireshark handles all capture file I/O in the wiretap library. File Format Packet Data Libraries Drawbacks. PCAP Next Generation Dump File Format. Status of this Memo This document is an Internet-Draft and is in full conformance with all provisions of Section 10 of RFC 2026. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet-Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as “work in progress.”
The list of current Internet-Drafts can be accessed at The list of Internet-Draft Shadow Directories can be accessed at This Internet-Draft will expire on September 2, 2004. Copyright Notice Copyright © The Internet Society (2004). Abstract This document describes a format to dump captured packets on a file. Updates Table of Contents 1. 1. Internet Health Report. Network Overview /// Internet Traffic Report.