Learn packet analysis with challenging Wireshark labs (+25 advanced PCAP case-studies) !
LabLab Platform

Basic Information

The extended PCAP list view gives you access to some basic information about the trace.

When a new file is added to the system some basic information is extracted from the file. This screenshot gives you an idea.

Basic Information

Information provenance

The information in this view has different sources:

  • The original filename
  • Metadata from within the file
  • Hashing of the file
  • Added metadata

Metadata from within the file

Depending on the file format and capture setup different metadata may be present in the file.

There is a big difference between .pcapng files and .pcap files. The newer .pcapng file format has much more support for metadata (e.g. comments, capture software, DNS entries).

Interesting fields

Most fields are self-explanatory. Some need a deeper understanding of packet capturing

ID field

The id field is generated field that uniquely identifies your PCAP. It is an identifier generated when a PCAP is added to the system.

Packet size limit max

The packet size limit max is also called [packet slicing](/kb/docs/encyclopedia/packet slicing/). Both refer to the fact that the whole packets are contained within the PCAP but just the first N bytes.

Hashes

Your file is also hashed with the algorithms SHA1, SHA256, and RIP160. This makes it easy to search for a file if you just have a hash of it and neither file name nor ID.

Credits, License and source URL

These three fields can be retroactively edited by the person who added the file.

All PCAPs should only be uploaded with the permission of the creator and with the knowledge and consent of network traffic initiators.

If the uploader is not the original creator of the PCAP but has the permission to share the file she or he should name the original author in the credits and refer to the URL.

Sometimes people share PCAPs in forum discussions in this case the author can link back to the discussion.

All of this can be done by selecting the PCAP(s) using the checkbox and clicking on the action.

Interactivity

You can click on any basic information field to filter all the PCAPs you have access to for the shown value.

Mass Actions

Connection view