What is a PCAP file? Key word there is Packet. But you want to go lower than Layer 3... So your question is can you get to those Layer 2 frames from data in a PCAP file? If the capture was made with Wireshark, you can filter the capture down to individual MAC frames where you can see the the encrypted contents. If the PCAP was captured in some other way, I'm not sure if that level of detail would be there. Perahps someone with more experience can provide a better answer around different tools and their ability to go down to individual frames.

Let's think about that question a bit and tear it down... MACSec is a layer 2 thing... but a TCP/IP network, in a more overall sense, is also operating at layer 3 so that when that layer 2 frame hits the local router and gets decrypted, that device can know where the layer 3 packet that was encapsulated within that frame needs to go. So yes, things work together, but the technology of MACSec is working at layer 2 before it moves up the OSI model and gets out over the network at the higher levels. Think about a dumb switch... It works at layer 2 to figure out where to move frames. What is inside those frames doesn't matter to the dumb switch because it only cares about the MAC address and what port to move the frame to. If our switch becomes a little smarter, we can start using encryption to ensure that nothing listening between the endpoint and our smarter switch can see the entire frame. Maybe more importantly, frames between the smarter switch to the local router can be encrypted, again making sure all the frames have encryption to protect data while it is still moving around inside our LAN. If protecting data in motion is very important at the LAN level, this solves many security concerns about data moving in an unencrypted way.