A PCAP file is a data file that contains the packet data of a network. PCAP files can be used to analyze network characteristics, control network traffic, and determine network status. Wireshark is one of the most common applications for opening and reading PCAP files.
The structure of the PCAP file
PCAP files usually start with a global header, followed by the captured packets. Each packet has its own header and payload.
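The layout described above, as an added example that is not part of the original post: a small Python reader for the classic libpcap format (24-byte global header, 16-byte per-packet header), which detects byte order from the magic number and rejects records whose length field runs past the end of the file. The function names and the two-packet sample capture are constructed for illustration.

```python
import struct

# Classic libpcap layout: 24-byte global header, then 16-byte record headers.
GLOBAL_HDR = "IHHiIII"   # magic, ver_major, ver_minor, thiszone, sigfigs, snaplen, linktype
RECORD_HDR = "IIII"      # ts_sec, ts_frac, incl_len, orig_len
MAGIC_USEC = 0xA1B2C3D4  # timestamps in microseconds
MAGIC_NSEC = 0xA1B23C4D  # timestamps in nanoseconds


def parse_pcap(data: bytes):
    """Return (global_header_dict, [packet_dict, ...]) for a classic pcap blob."""
    if len(data) < 24:
        raise ValueError("too short for a pcap global header")
    # The magic number tells us the writer's byte order and timestamp resolution.
    for endian in ("<", ">"):
        magic = struct.unpack_from(endian + "I", data, 0)[0]
        if magic in (MAGIC_USEC, MAGIC_NSEC):
            break
    else:
        raise ValueError("not a classic pcap file (bad magic)")
    _, major, minor, _, _, snaplen, linktype = struct.unpack_from(endian + GLOBAL_HDR, data, 0)
    header = {"version": (major, minor), "snaplen": snaplen, "linktype": linktype,
              "nanosecond": magic == MAGIC_NSEC, "byte_order": endian}
    packets, offset = [], 24
    while offset < len(data):
        if len(data) - offset < 16:
            raise ValueError(f"truncated record header at offset {offset}")
        ts_sec, ts_frac, incl_len, orig_len = struct.unpack_from(endian + RECORD_HDR, data, offset)
        offset += 16
        # Never trust incl_len: a corrupt or hostile file can claim more bytes than exist.
        if incl_len > len(data) - offset:
            raise ValueError(f"record at offset {offset - 16} claims {incl_len} bytes past end of file")
        packets.append({"ts_sec": ts_sec, "ts_frac": ts_frac, "orig_len": orig_len,
                        "payload": data[offset:offset + incl_len]})
        offset += incl_len
    return header, packets


def build_sample() -> bytes:
    """Constructed two-packet little-endian capture (linktype 1 = Ethernet)."""
    blob = struct.pack("<" + GLOBAL_HDR, MAGIC_USEC, 2, 4, 0, 0, 65535, 1)
    for ts, payload in ((1700000000, b"\xaa" * 14), (1700000001, b"\xbb" * 20)):
        blob += struct.pack("<" + RECORD_HDR, ts, 0, len(payload), len(payload)) + payload
    return blob


if __name__ == "__main__":
    hdr, pkts = parse_pcap(build_sample())
    print(hdr, [len(p["payload"]) for p in pkts])
```

This reads only the classic pcap format; the newer pcapng format that Wireshark writes by default has a different block structure and is rejected by the magic check.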
How to capture a PCAP file
If you are on a Linux machine, which I hope you are, you can use tcpdump to create a PCAP file.
Run the following command in your terminal.
sudo tcpdump -i eth0 -w my.pcap
You can specify how many packets to capture with the -c option; for example, -c 10 captures only 10 packets.
Using PCAP file
I really like and suggest the following source for extracting packets from PCAP files, reading packets, creating a program to generate PCAP files, etc.