PCAP Upload & Management
TracePcap accepts PCAP, PCAPNG, and CAP files via a drag-and-drop interface. Files are stored in MinIO object storage and analysed asynchronously.
Supported Formats
.pcap — libpcap format
.pcapng — next-generation capture format
.cap — Wireshark capture format
Upload Limit
The default maximum file size is 512 MB, configurable via the
MAX_UPLOAD_SIZE_BYTES environment variable (see
Environment Variables).
Upload Options
Both analysis stages run automatically on every upload by default:
Protocol & application classification (nDPI) — application identification, risk detection, TLS metadata, JA3/JA3S fingerprints (see nDPI Security Analysis).
Embedded file extraction — HTTP object and raw stream extraction from TCP/UDP payloads (see File Extraction).
If the deployment has VITE_ANALYSIS_OPTIONS=true set, an
Analysis options modal appears after file selection, allowing each
stage to be disabled individually for that upload (useful for reducing
processing time on large captures).
Duplicate Detection
TracePcap computes a SHA-256 hash of each uploaded file by streaming it
through a MessageDigest. If a file with the same hash already exists in
the database, the upload is rejected and you are linked to the existing
analysis. This prevents redundant processing and storage.
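The upload limit and the streaming duplicate check described above can be enforced in a single pass over the upload. The following is an added example, not TracePcap's own code: the class and method names, the in-memory map standing in for the database, and the reading of 512 MB as 512 * 1024 * 1024 bytes are assumptions.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;

public class UploadDedupExample {
    // Hypothetical stand-in for the database: SHA-256 hex -> analysis id.
    private final Map<String, String> analysesByHash = new HashMap<>();
    private final long maxBytes;

    UploadDedupExample(long maxBytes) { this.maxBytes = maxBytes; }

    /** Streams the upload through SHA-256 in 8 KiB chunks; the file is never held in memory. */
    String sha256Hex(InputStream in) throws IOException, NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        byte[] buf = new byte[8192];
        long total = 0;
        int n;
        while ((n = in.read(buf)) != -1) {
            total += n;
            // Abort as soon as the cap is crossed instead of hashing the rest.
            if (total > maxBytes) throw new IOException("upload exceeds " + maxBytes + " bytes");
            md.update(buf, 0, n);
        }
        StringBuilder hex = new StringBuilder();
        for (byte b : md.digest()) hex.append(String.format("%02x", b));
        return hex.toString();
    }

    /** Returns the existing analysis id when the hash is known, otherwise registers newId. */
    Optional<String> registerOrFindDuplicate(InputStream in, String newId)
            throws IOException, NoSuchAlgorithmException {
        String existing = analysesByHash.putIfAbsent(sha256Hex(in), newId);
        return Optional.ofNullable(existing);
    }

    public static void main(String[] args) throws Exception {
        // Assumption: default of 512 MB taken as 512 * 1024 * 1024 bytes when the variable is unset.
        String env = System.getenv("MAX_UPLOAD_SIZE_BYTES");
        UploadDedupExample svc = new UploadDedupExample(env != null ? Long.parseLong(env) : 512L * 1024 * 1024);
        byte[] capture = {(byte) 0xd4, (byte) 0xc3, (byte) 0xb2, (byte) 0xa1, 2, 0, 4, 0}; // constructed sample bytes
        System.out.println(svc.registerOrFindDuplicate(new ByteArrayInputStream(capture), "analysis-1")); // first upload
        System.out.println(svc.registerOrFindDuplicate(new ByteArrayInputStream(capture), "analysis-2")); // same bytes again
    }
}
```

With a real database in place of the map, a unique constraint on the hash column keeps two concurrent uploads of the same file from both passing the check.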
Processing Progress
After upload, you are redirected to a progress view showing each analysis stage (packet parsing, nDPI analysis, geolocation, file extraction, …) with a percentage indicator. Analysis runs asynchronously — you can navigate away and return later.
Managing Uploads
The main file list shows all uploaded PCAPs with their status, size, upload date, and detected statistics. You can delete a file from this view, which removes both the database metadata and the object from MinIO.