IT
OmnvertImage • Document • Network

PCAP → JSON Converter

Upload a PCAP/PCAPNG, optionally add a Wireshark display filter, and get rich JSON output.

Fast Private No sign-up
Max 50 MB • .pcap/.pcapng
Drag & drop or Browse
Accepted: .pcap, .pcapng • Max 50 MB
Include timestamps
Redact MAC/IP (mask last octet/byte)
No sign-upFiles processed transientlyLimit 50 MB

JSON Preview

Your JSON preview will appear here after conversion.
Related tools
PCAP Conversations PCAP → Flows CSV HTTP Headers & Redirects DNS Propagation ASN / Prefix Lookup IP Subnet Calculator

PCAP to JSON: why and how

PCAP and PCAPNG files capture network packets exactly as they appeared on the wire. Converting them to JSON or NDJSON makes them easy to feed into scripting pipelines, SIEM tools, incident-response workflows, and data science notebooks.

JSON output keeps the structure of each packet—frame metadata, Ethernet, IP, TCP/UDP, DNS, HTTP, TLS, and more. NDJSON writes one packet per line, which is ideal for streaming to tools like jq, Logstash, Splunk, or BigQuery. Compact JSON removes whitespace for smaller downloads.

PCAP vs PCAPNG

PCAP is the classic format, while PCAPNG adds per-packet metadata and multiple interfaces. This converter handles both, letting you extract the fields you need and cap the number of packets to keep results manageable.

Use cases

  • Feed Wireshark/tshark JSON into SIEM or log pipelines.
  • Run quick scripts (Python, Node.js) on NDJSON to aggregate flows.
  • Incident response: mask IP/MAC before sharing samples.
  • Data science: load compact JSON into notebooks for protocol analysis.

Output formats

  • Wireshark JSON: Wireshark JSON: matches tshark -T json output, indented for readability.
  • NDJSON (one packet per line): NDJSON: one packet per line, perfect for streaming and grep-friendly workflows.
  • Compact JSON: Compact JSON: no whitespace; smallest file size.

Privacy & security

We cap uploads at 50 MB and process captures transiently. Use the masking toggle to redact MAC/IP by zeroing the last octet/byte. For extra privacy, apply Wireshark display filters to drop unwanted traffic before exporting.

Troubleshooting

  • “File too large”: trim or filter the capture; limit is 50 MB.
  • “Parse error”: ensure the file is valid PCAP/PCAPNG; try re-saving with Wireshark.
  • Empty output: check your display filter and packet limit.
  • Output huge: switch to “Headers only” or NDJSON, reduce max packets.
  • API health check (server-side): curl -I https://omnvert.com/api/tools/pcap-to-json and curl -I https://omnvert.com/tr/api/tools/pcap-to-json

FAQ

  • Can I convert PCAPNG? Yes, both pcap and pcapng are supported.
  • Is my file uploaded to a server? Processing is transient on the backend; files are not stored.
  • Why is output too large? Lower max packets, use headers-only, or NDJSON/compact.
  • How to filter packets? Use Wireshark display filters (e.g., ip.addr==1.1.1.1 && tcp).
  • What is NDJSON? Newline-delimited JSON; one JSON object per line for streaming.
  • Does it preserve timestamps? Yes by default; you can toggle them off.

About

Turn raw packet captures into structured JSON for scripting, incident response, and automation. Upload a .pcap/.pcapng, optionally apply a Wireshark display filter, and export in a format that fits your pipeline (JSON array, NDJSON, or compact).

Filters are the key for practical exports: keep only what you need (e.g., specific hosts, ports or protocols), then cap the number of packets if you’re creating a lightweight sample for tickets, debugging or dashboards. You can also toggle timestamps and choose how much of each packet to include (headers vs payload).

If you’re sharing captures, redaction helps reduce sensitive data exposure. The result is downloadable JSON that you can feed into jq, Python, SIEM tooling, or custom parsers—without manually clicking around in Wireshark.

This page covers a practical workflow for PCAP → JSON.

PCAP to JSON Converter is designed to be straightforward: pick your input, choose the output settings, and generate a result you can copy or download. We focus on predictable defaults so you can get a usable output quickly, then fine-tune only when you need to.

If you’re using this tool for work, treat the result like any other export: verify a small sample first, then run the full job. Small checks (file size, encoding, preview, or a spot-check of values) prevent surprises later when you publish, upload, or share the output.

Quality and compatibility often pull in different directions. When you want maximum compatibility, choose widely supported options. When you want smaller size or faster delivery, pick modern formats and compression settings—but keep an original copy so you can re-export without compounding losses.

Privacy matters. Some tools run fully in your browser, while others may need server-side processing (for heavy conversions or specialized libraries). Where uploads are required, keep files non-sensitive and avoid including secrets in inputs. Always review the final output before sharing publicly.

Troubleshooting tips: if the output looks wrong, try changing one setting at a time, and confirm your input is what you think it is (color profile, transparency, encoding, delimiters, or line endings). Many issues come from an unexpected input variant rather than a broken converter.

For best UX, we keep the interface minimal and the results easy to copy. If you’re on mobile, prefer shorter inputs and smaller files, and use Wi‑Fi for large uploads. On desktop, batch workflows are usually faster and easier to verify.

A practical workflow looks like this: (1) start from the highest-quality source you have, (2) run a quick test with default settings, (3) adjust only one parameter at a time if needed, and (4) validate the output in the place it will actually be used (website, app, email, print, or a media player). This keeps results consistent and makes it clear which setting caused which change.

If you repeat the same task often, consistency is more valuable than tiny optimizations. Use stable naming (include format, size, and date in the filename), keep a “known good” sample for comparison, and save your preferred settings as a habit. When exporting multiple items, process them in small batches so you can spot problems early.

FAQ

What file types are supported?
PCAP and PCAPNG (.pcap / .pcapng).
What is a Wireshark display filter?
It’s Wireshark’s filter language (e.g., tcp && ip.addr==1.2.3.4) used to select only matching packets for export.
JSON vs NDJSON — which should I pick?
JSON is a single array; NDJSON writes one JSON object per line and works well for streaming/line-based tools; compact output is smaller for quick inspection.
Can I anonymize sensitive values?
Use the redaction option to reduce sensitive fields before downloading and sharing results.
Is my capture stored?
The file is processed to produce the output and is not intended to be retained. Avoid uploading highly sensitive captures if you cannot share them.
Is it free to use?
Yes—this tool is free to use. Usage limits may apply for very large files or extreme workloads.

Related Tools