Easiest way to convert pcap to JSON

About

Asked 8/9, 2012 at 13:1 Answered 9/8, 2017 at 20:43

I have a bunch of pcap files, created with tcpdump. I would like to store these in a database, for easier querying, indexing etc. I thought mongodb might be a good choice, because storing a packet the way Wireshark/TShark presents them as JSON document seems to be natural.

It should be possible to create PDML files with tshark, parse these and insert them into mongodb, but I am curious if someone knows of an existing/other solution.

Zena answered 8/9, 2012 at 13:1 Comment(0)

On the command line (Linux, Windows or MacOS), you can use tshark.

e.g.

tshark -r input.pcap -T json >output.json

or with a filter:

tshark -2 -R "your filter" -r input.pcap -T json >output.json

Considering you mentioned a set of pcap files, you can also pre-merge the pcap files into a single pcap and then export that in one go if preferred..

mergecap -w output.pcap input1.pcap input2.pcap..

Chuckwalla answered 9/8, 2017 at 20:43 Comment(0)

Wireshark has a feature to export it's capture files to JSON.

File->Export Packet Dissections->As JSON

Puca answered 11/11, 2016 at 2:15 Comment(1)

What version is this supported in? – Posthaste 9/9, 2017 at 15:56

You could use pcaphar. More info about HAR here.

Jacquettajacquette answered 8/3, 2013 at 2:37 Comment(1)

This answer is pretty much just links which are vulnerable to rot. – Brownlee 16/11, 2014 at 4:19

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags