Malcore: Simple File Analysis

PCAP diffing

[ POST ] https://api.malcore.io/api/pcapdiff

PCAP diffing performs a diff on two PCAP files. The output displays the packets that differ between the two files, which is a good way to identify exploits during network analysis.


Packet capture diffing allows the user to parse PCAP binary files and obtain the difference between the two.

Query Params

  • filename1 file

  • filename2 file

Headers

  • apiKey string


Request

curl -X POST https://api.malcore.io/api/pcapdiff \
  -F "filename1=@mypcap.pcap" \
  -F "filename2=@mysecondpcap.pcap" \
  -H "apiKey: myapikey"

Response

🟢 200

{
  "results": {
    "packets": [
      "...",
      "..."
    ],
    "diff_amount": 2
  }
}

🔴 404

{
  "error": "One or more of the files passed is an invalid type, must be PCAP binary file"
}
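The request and both documented responses above, handled from Python, as an added example that is not part of the Malcore documentation. The local magic-number check, the `MALCORE_API_KEY` environment variable and all function names are assumptions of this example; the endpoint, field names, header name and response keys are the ones shown on this page.

```python
import json, os, sys, uuid
import urllib.error, urllib.request

API_URL = "https://api.malcore.io/api/pcapdiff"  # endpoint documented above
# Classic libpcap magic numbers (both byte orders, micro- and nanosecond variants).
# Assumption: this is what the service means by "PCAP binary file"; pcapng is not checked.
PCAP_MAGICS = {b"\xd4\xc3\xb2\xa1", b"\xa1\xb2\xc3\xd4", b"\x4d\x3c\xb2\xa1", b"\xa1\xb2\x3c\x4d"}

def looks_like_pcap(data):
    """Cheap local check so non-capture files are never uploaded."""
    return data[:4] in PCAP_MAGICS

def build_multipart(files):
    """Encode {field: (filename, bytes)} the way `curl -F field=@file` does."""
    boundary = uuid.uuid4().hex
    parts = []
    for field, (name, data) in files.items():
        head = (f'--{boundary}\r\nContent-Disposition: form-data; name="{field}"; '
                f'filename="{name}"\r\nContent-Type: application/octet-stream\r\n\r\n')
        parts.append(head.encode() + data + b"\r\n")
    parts.append(f"--{boundary}--\r\n".encode())
    return b"".join(parts), f"multipart/form-data; boundary={boundary}"

def parse_response(status, raw):
    """Return (packets, diff_amount) for a 200; raise ValueError with the API's error otherwise."""
    doc = json.loads(raw)
    if status != 200 or "error" in doc:
        raise ValueError(doc.get("error", f"HTTP {status}"))
    return doc["results"]["packets"], doc["results"]["diff_amount"]

def pcap_diff(path1, path2, api_key):
    files = {}
    for field, path in (("filename1", path1), ("filename2", path2)):
        with open(path, "rb") as fh:
            data = fh.read()
        if not looks_like_pcap(data):
            raise ValueError(f"{path}: not a PCAP capture, not uploading")
        files[field] = (os.path.basename(path), data)
    body, ctype = build_multipart(files)
    req = urllib.request.Request(API_URL, data=body, method="POST",
                                 headers={"apiKey": api_key, "Content-Type": ctype})
    try:
        with urllib.request.urlopen(req, timeout=60) as resp:
            return parse_response(resp.status, resp.read())
    except urllib.error.HTTPError as err:  # the documented 404 arrives here
        return parse_response(err.code, err.read())

if __name__ == "__main__":
    # The key is read from the environment so it stays out of shell history and process lists.
    packets, amount = pcap_diff(sys.argv[1], sys.argv[2], os.environ["MALCORE_API_KEY"])
    print(f"{amount} differing packets", *packets, sep="\n")
```
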

Last updated 1 year ago