PCAP Upload & Management
TracePcap accepts PCAP, PCAPNG, and CAP files via a drag-and-drop interface. Files are stored in MinIO object storage and analysed asynchronously.
Supported Formats
.pcap— libpcap format.pcapng— next-generation capture format.cap— Wireshark capture format
Upload Limit
The default maximum file size is 512 MB. It is derived from the
APP_MEMORY_MB memory budget (max upload = 25% of it), not set directly —
see Environment Variables.
Upload Options
Both analysis stages run automatically on every upload by default:
Protocol & application classification (nDPI) — application identification, risk detection, TLS metadata, JA3/JA3S fingerprints (see nDPI Security Analysis).
Embedded file extraction — HTTP object and raw stream extraction from TCP/UDP payloads (see File Extraction).
An Analysis options modal appears after file selection, allowing each stage to be enabled or disabled individually for that upload (useful for reducing processing time on large captures). Protocol/application classification and embedded file extraction are enabled by default; Suricata IDS is off by default because it adds significant processing time.
Duplicate Detection
TracePcap computes a SHA-256 hash of each uploaded file by streaming it
through a MessageDigest. If a file with the same hash already exists in
the database, the upload is rejected and you are linked to the existing
analysis. This prevents redundant processing and storage.
Processing Progress
After upload, you are redirected to a progress view showing each analysis stage (packet parsing, nDPI analysis, geolocation, file extraction, …) with a percentage indicator. Analysis runs asynchronously — you can navigate away and return later.
Managing Uploads
The main file list shows all uploaded PCAPs with their status, size, upload date, and detected statistics. You can delete a file from this view, which removes both the database metadata and the object from MinIO.
Monitor Network files are hidden by default in this list to reduce clutter when many snapshots have been uploaded. Use the Show Monitor files toggle (top-right of the file list) to include them.
File Retention
By default, uploaded files are automatically deleted 12 hours after upload.
This window is configurable via the FILE_RETENTION_HOURS environment
variable. Set FILE_RETENTION_ENABLED=false to disable automatic deletion
entirely (see Environment Variables).
Note
Monitor Network files are exempt by default from automatic deletion. They persist until you manually delete the network or the individual snapshot, unless a custom monitor retention period is explicitly configured.