Computer networks
wrg, 2014-11-05 21:17:57

How to automatically build a network topology with CAP files?

Hello!
There is a task: how to automatically build a network topology from .cap files containing network traffic.
Please advise.


3 answer(s)
Alexey Cheremisin, 2014-11-05
@leahch

Probably almost nothing, because there is no information about intermediate nodes in the traffic, but you can build interaction schemes. You can use tcpdump or libpcap to extract information about sources / destinations and convert them to a simple dot file, for example. Then pass it through graphviz and get a map.
digraph G {
    "10.10.115.102" -> "8.8.8.8" [label="Udp/43"];
    "10.10.115.105" -> "8.8.8.8" [label="Udp/43"];
    "10.10.115.111" -> "4.4.4.4" [label="Tcp/80"];
}
Something like this. Read here ru.m.wikipedia.org/wiki/Graphviz and here http://ru.m.wikipedia.org/wiki/DOT_(language)

Andrew, 2014-11-05
@OLS

Select all the unique gray (private) IPs you see in the CAP plus a dozen white (public) ones, start traceroutes to them and capture those to a CAP as well, then analyze the topology along the routes.

throughtheether, 2014-11-06
@throughtheether

Firstly, it would be good to know where the problem came from and what the point of solving it is (i.e. what knowledge of the topology will or should give you). Is the traffic captured at one point in the network or at several? Can you provide an example dump?
I'm assuming the network uses IPv4 encapsulated in Ethernet. In that case, in my opinion, it first makes sense to build an interaction graph of Ethernet hosts (the Wireshark equivalent: Statistics -> Conversations -> Ethernet). Then, for each Ethernet host (identified by its unicast MAC address), map the IPv4 address of the encapsulated IPv4 packet to it (you map the source MAC address to the source IPv4 address, and likewise for the destination addresses). You get a view of the network topology from the point where the traffic was captured. In my opinion, if you need the topology of the entire network, you need to capture traffic in each L2 domain.
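The two approaches above (Alexey's "extract sources/destinations and emit a DOT file" and throughtheether's "Ethernet conversation graph plus a MAC-to-IPv4 mapping from the capture point") can be done with a few dozen lines of standard-library Python. The following is an added example, not code from either answer or from any project mentioned on the page. It assumes a classic pcap file (not pcapng) with Ethernet link type and IPv4 payloads; pcapng, VLAN tags and IPv6 are not handled. The sample capture at the bottom is constructed in the script itself (the MAC addresses and hosts are made up), so it runs offline; replace `SAMPLE_PCAP` with `open("dump.cap", "rb").read()` for a real file. The gateway heuristic is an assumption of this example: a unicast MAC that is seen as the Ethernet destination for several off-link IPv4 addresses is most likely the router the captured hosts send through.

```python
"""Build interaction graphs from a classic pcap (Ethernet/IPv4) and emit DOT."""
import struct
from collections import defaultdict

ETHERTYPE_IPV4 = 0x0800
LINKTYPE_ETHERNET = 1
PROTO_NAMES = {6: "Tcp", 17: "Udp"}


def parse_pcap(data):
    """Yield raw link-layer frames from classic pcap bytes (either byte order)."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if endian is None:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    if struct.unpack(endian + "I", data[20:24])[0] != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet captures are handled")
    off = 24  # the global header is 24 bytes; each record has a 16-byte header
    while off + 16 <= len(data):
        incl_len = struct.unpack(endian + "IIII", data[off:off + 16])[2]
        off += 16
        yield data[off:off + incl_len]
        off += incl_len


def _mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def _is_unicast(mac):
    return int(mac[:2], 16) & 1 == 0  # I/G bit of the first octet clear => unicast


def decode_frame(frame):
    """Return (src_mac, dst_mac, src_ip, dst_ip, label) or None for non-IPv4 frames."""
    if len(frame) < 34:  # 14-byte Ethernet header + minimal 20-byte IPv4 header
        return None
    dst_mac, src_mac = _mac(frame[0:6]), _mac(frame[6:12])
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return None  # ARP, IPv6, etc. are skipped
    ip = frame[14:]
    if ip[0] >> 4 != 4:
        return None
    ihl = (ip[0] & 0x0F) * 4
    proto = ip[9]
    src_ip = ".".join(str(b) for b in ip[12:16])
    dst_ip = ".".join(str(b) for b in ip[16:20])
    label = PROTO_NAMES.get(proto, f"ip-proto-{proto}")
    l4 = ip[ihl:]
    if proto in PROTO_NAMES and len(l4) >= 4:
        label += "/%d" % struct.unpack("!H", l4[2:4])[0]  # destination port
    return src_mac, dst_mac, src_ip, dst_ip, label


def build_graphs(frames):
    """Aggregate frames into IPv4 edges, Ethernet edges and a MAC -> IPv4 map."""
    ip_edges = defaultdict(set)    # (src_ip, dst_ip) -> {"Tcp/80", ...}
    eth_edges = defaultdict(int)   # (src_mac, dst_mac) -> frame count (Ethernet conversations)
    mac_to_ips = defaultdict(set)  # unicast MAC -> IPv4 addresses seen behind it
    for frame in frames:
        decoded = decode_frame(frame)
        if decoded is None:
            continue
        src_mac, dst_mac, src_ip, dst_ip, label = decoded
        ip_edges[(src_ip, dst_ip)].add(label)
        eth_edges[(src_mac, dst_mac)] += 1
        mac_to_ips[src_mac].add(src_ip)
        if _is_unicast(dst_mac):  # broadcast/multicast MACs do not identify a host
            mac_to_ips[dst_mac].add(dst_ip)
    return dict(ip_edges), dict(eth_edges), dict(mac_to_ips)


def likely_gateways(mac_to_ips, min_ips=2):
    """Heuristic (assumption): a MAC fronting several IPv4 addresses is probably a router."""
    return sorted(m for m, ips in mac_to_ips.items() if len(ips) >= min_ips)


def to_dot(ip_edges):
    """Render the IPv4 interaction graph as Graphviz DOT; labels with '/' must be quoted."""
    lines = ["digraph G {"]
    for (src, dst), labels in sorted(ip_edges.items()):
        lines.append('  "%s" -> "%s" [label="%s"];' % (src, dst, ",".join(sorted(labels))))
    lines.append("}")
    return "\n".join(lines)


# --- constructed sample capture (made-up hosts, not a real dump) ------------------
def _frame(src_mac, dst_mac, src_ip, dst_ip, proto, dport):
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    ip = lambda s: bytes(int(o) for o in s.split("."))
    l4 = struct.pack("!HH", 40000, dport)  # source port, destination port
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64,
                         proto, 0, ip(src_ip), ip(dst_ip))
    return mac(dst_mac) + mac(src_mac) + struct.pack("!H", ETHERTYPE_IPV4) + ip_hdr + l4


GW, H1, H2, H3 = "00:11:22:33:44:01", "00:11:22:33:44:02", "00:11:22:33:44:03", "00:11:22:33:44:04"
SAMPLE_FRAMES = [
    _frame(H1, GW, "10.10.115.102", "8.8.8.8", 17, 53),          # DNS via the gateway
    _frame(H2, GW, "10.10.115.105", "8.8.8.8", 17, 53),
    _frame(H3, GW, "10.10.115.111", "4.4.4.4", 6, 80),           # HTTP via the gateway
    _frame(H1, H2, "10.10.115.102", "10.10.115.105", 6, 22),     # SSH inside the L2 domain
    bytes.fromhex("ffffffffffff" "001122334402" "0806") + bytes(28),  # ARP broadcast: skipped
]
SAMPLE_PCAP = (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
               + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in SAMPLE_FRAMES))

if __name__ == "__main__":
    ip_edges, eth_edges, mac_to_ips = build_graphs(parse_pcap(SAMPLE_PCAP))
    print(to_dot(ip_edges))
    print("probable gateways:", likely_gateways(mac_to_ips))
```

Pipe the DOT output into `dot -Tpng -o map.png` to get the picture Alexey describes. The `eth_edges` map is the Ethernet conversation list; the `mac_to_ips` map shows which addresses sit behind which MAC, and, as throughtheether notes, everything learned this way is relative to the capture point: hosts beyond the gateway all collapse onto the gateway's MAC.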
