Hi! I've done something a bit similar to this, although not with pcap files.
In the past, I've worked with a situation where I receive in my Java code, a certificate chain, which ends up being either a single cert, or 2, 3, etc.
For my instance, I would get the proper order of certs, so I could always know that chain[0] was the end user cert, then based on the length of the chain, I could guess the others:
If length was 2, then chain[1] was CA.
If length was 3, then chain [1] is intermediary-CA, chain[2] is root-CA.
I understand that you may not be getting the certs in the proper order, and therefore I think (at least based on Java data types), you could use:
X509Certificate.verify(X509Certificate.getPublicKey)
So basically, you'd have to figure out some fancy logic to say:
I have 3 certs, lets take the first one, and do verify using the other two's public key. If one of those verifies it, then you can begin some sorting logic, knowing that the successful verifier is above it within the proper chain order.
I hope that makes sense. Also, I stuck with Java references, since that's where I was working on this similar task, but you didn't mention what type of language/environment you're using.