
PCAP → JSON Converter

Upload a PCAP/PCAPNG, optionally add a Wireshark display filter, and get rich JSON output.


PCAP to JSON: why and how

PCAP and PCAPNG files capture network packets exactly as they appeared on the wire. Converting them to JSON or NDJSON makes them easy to feed into scripting pipelines, SIEM tools, incident-response workflows, and data science notebooks.

JSON output keeps the structure of each packet—frame metadata, Ethernet, IP, TCP/UDP, DNS, HTTP, TLS, and more. NDJSON writes one packet per line, which is ideal for streaming to tools like jq, Logstash, Splunk, or BigQuery. Compact JSON removes whitespace for smaller downloads.

PCAP vs PCAPNG

PCAP is the classic format, while PCAPNG adds per-packet metadata and multiple interfaces. This converter handles both, letting you extract the fields you need and cap the number of packets to keep results manageable.

Use cases

  • Feed Wireshark/tshark JSON into SIEM or log pipelines.
  • Run quick scripts (Python, Node.js) on NDJSON to aggregate flows.
  • Incident response: mask IP/MAC before sharing samples.
  • Data science: load compact JSON into notebooks for protocol analysis.

Output formats

  • Wireshark JSON: matches tshark -T json output, indented for readability.
  • NDJSON (one packet per line): perfect for streaming and grep-friendly workflows.
  • Compact JSON: no whitespace; smallest file size.

Privacy & security

We cap uploads at 50 MB and process captures transiently. Use the masking toggle to redact MAC/IP by zeroing the last octet/byte. For extra privacy, apply Wireshark display filters to drop unwanted traffic before exporting.
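
The same last-octet/byte masking can be applied offline to NDJSON you already have, before a sample leaves your machine. This is an added example, not Omnvert's code: it assumes tshark-style packet objects (`_source.layers`), and the sample packets are constructed.

```python
import ipaddress
import json
import re

MAC_RE = re.compile(r"^(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}$")

def mask_value(value):
    """Zero the last byte of a MAC, IPv4 or IPv6 string; pass anything else through."""
    if MAC_RE.match(value):
        return value[:-2] + "00"
    try:
        addr = ipaddress.ip_address(value)
    except ValueError:
        return value  # not an address (ports, frame numbers, names, ...)
    return str(ipaddress.ip_address(addr.packed[:-1] + b"\x00"))

def redact(node):
    """Walk a decoded packet and mask every string value that is exactly an address.

    Walking all fields (not just ip.src/ip.dst) also catches addresses in
    ARP and DNS answers. Addresses inside dictionary keys, longer strings or
    payload bytes are NOT touched; drop those layers before sharing.
    """
    if isinstance(node, dict):
        return {key: redact(val) for key, val in node.items()}
    if isinstance(node, list):
        return [redact(val) for val in node]
    return mask_value(node) if isinstance(node, str) else node

def redact_ndjson(text):
    """Redact NDJSON text packet by packet, skipping blank lines."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    return "\n".join(json.dumps(redact(json.loads(ln)), separators=(",", ":")) for ln in lines)

# Constructed sample packets (documentation address ranges), tshark-style layout assumed.
SAMPLE = "\n".join(json.dumps({"_source": {"layers": layers}}) for layers in [
    {"frame": {"frame.number": "1"},
     "eth": {"eth.src": "02:00:5e:10:00:2a", "eth.dst": "02:00:5e:10:00:01"},
     "ip": {"ip.src": "192.0.2.10", "ip.dst": "198.51.100.7"},
     "tcp": {"tcp.dstport": "443"}},
    {"ipv6": {"ipv6.src": "2001:db8::1234"},
     "dns": {"Answers": {"example.test: type A": {"dns.a": "203.0.113.25"}}}},
])

if __name__ == "__main__":
    print(redact_ndjson(SAMPLE))
```

Zeroing one byte still leaves the /24 (or OUI and most of the NIC ID) visible, so treat it as reducing exposure rather than anonymizing the capture.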

Troubleshooting

  • “File too large”: trim or filter the capture; limit is 50 MB.
  • “Parse error”: ensure the file is valid PCAP/PCAPNG; try re-saving with Wireshark.
  • Empty output: check your display filter and packet limit.
  • Output huge: switch to “Headers only” or NDJSON, reduce max packets.
  • API health check (server-side): curl -I https://omnvert.com/api/tools/pcap-to-json and curl -I https://omnvert.com/tr/api/tools/pcap-to-json

FAQ

  • Can I convert PCAPNG? Yes, both pcap and pcapng are supported.
  • Is my file uploaded to a server? Processing is transient on the backend; files are not stored.
  • Why is output too large? Lower max packets, use headers-only, or NDJSON/compact.
  • How to filter packets? Use Wireshark display filters (e.g., ip.addr==1.1.1.1 && tcp).
  • What is NDJSON? Newline-delimited JSON; one JSON object per line for streaming.
  • Does it preserve timestamps? Yes by default; you can toggle them off.

About

Turn raw packet captures into structured JSON for scripting, incident response, and automation. Upload a .pcap/.pcapng, optionally apply a Wireshark display filter, and export in a format that fits your pipeline (JSON array, NDJSON, or compact).

Filters are the key for practical exports: keep only what you need (e.g., specific hosts, ports or protocols), then cap the number of packets if you’re creating a lightweight sample for tickets, debugging or dashboards. You can also toggle timestamps and choose how much of each packet to include (headers vs payload).

If you’re sharing captures, redaction helps reduce sensitive data exposure. The result is downloadable JSON that you can feed into jq, Python, SIEM tooling, or custom parsers—without manually clicking around in Wireshark.


FAQ

  • What file types are supported? PCAP and PCAPNG (.pcap / .pcapng).
  • What is a Wireshark display filter? It’s Wireshark’s filter language (e.g., tcp && ip.addr==1.2.3.4) used to select only matching packets for export.
  • JSON vs NDJSON — which should I pick? JSON is a single array; NDJSON writes one JSON object per line and works well for streaming/line-based tools; compact output is smaller for quick inspection.
  • Can I anonymize sensitive values? Use the redaction option to reduce sensitive fields before downloading and sharing results.
  • Is my capture stored? The file is processed to produce the output and is not intended to be retained. Avoid uploading highly sensitive captures if you cannot share them.
