Easiest way to convert pcap to JSON

json wireshark pcap libpcap tcpdump
22,917

Solution 1

On the command line (Linux, Windows or MacOS), you can use tshark.

e.g.

tshark -r input.pcap -T json >output.json

or with a filter:

tshark -2 -R "your filter" -r input.pcap -T json >output.json

Considering you mentioned a set of pcap files, you can also pre-merge the pcap files into a single pcap and then export that in one go if preferred..

mergecap -w output.pcap input1.pcap input2.pcap..

Solution 2

Wireshark has a feature to export it's capture files to JSON.

File->Export Packet Dissections->As JSON

Solution 3

You could use pcaphar. More info about HAR here.

Share:
22,917
Erik
Author by

Erik

Updated on February 09, 2020

Comments

  • Erik
    Erik about 4 years

    I have a bunch of pcap files, created with tcpdump. I would like to store these in a database, for easier querying, indexing etc. I thought mongodb might be a good choice, because storing a packet the way Wireshark/TShark presents them as JSON document seems to be natural.

    It should be possible to create PDML files with tshark, parse these and insert them into mongodb, but I am curious if someone knows of an existing/other solution.

  • bright-star
    bright-star over 9 years
    This answer is pretty much just links which are vulnerable to rot.
  • nealmcb
    nealmcb over 6 years
    What version is this supported in?

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

TCP Server sends [ACK] followed by [PSH,ACK]
Use Tshark to view json data
Parsing pcap taken from wireshark file using - Java
What's all this deploy.akamaitechnologies.com traffic?
How would a PCAP filter look like to capture all DHCP related traffic?
tcpdump filter for tcp zero window messages
time difference between two packets in wireshark
How to concatenate two tcpdump files (pcap files)
set a filter of packet length in wireshark
libpcap get MAC from AF_LINK sockaddr_dl (OSX)