IT
OmnvertImage • Document • Network
ENTRIDPL

PCAP → JSON Converter

Upload a PCAP/PCAPNG, optionally add a Wireshark display filter, and get rich JSON output.

Fast Private No sign-up
Max 15 MB • .pcap/.pcapng
Drag & drop or Browse
Accepted: .pcap, .pcapng • Max 15 MB
Include timestamps
Redact MAC/IP (mask last octet/byte)
No sign-upFiles processed transientlyLimit 15 MB

JSON Preview

Your JSON preview will appear here after conversion.
Related tools
PCAP Conversations PCAP → Flows CSV HTTP Headers & Redirects DNS Propagation ASN / Prefix Lookup IP Subnet Calculator

PCAP to JSON: why and how

PCAP and PCAPNG files capture network packets exactly as they appeared on the wire. Converting them to JSON or NDJSON makes them easy to feed into scripting pipelines, SIEM tools, incident-response workflows, and data science notebooks.

JSON output keeps the structure of each packet—frame metadata, Ethernet, IP, TCP/UDP, DNS, HTTP, TLS, and more. NDJSON writes one packet per line, which is ideal for streaming to tools like jq, Logstash, Splunk, or BigQuery. Compact JSON removes whitespace for smaller downloads.

PCAP vs PCAPNG

PCAP is the classic format, while PCAPNG adds per-packet metadata and multiple interfaces. This converter handles both, letting you extract the fields you need and cap the number of packets to keep results manageable.

Use cases

  • Feed Wireshark/tshark JSON into SIEM or log pipelines.
  • Run quick scripts (Python, Node.js) on NDJSON to aggregate flows.
  • Incident response: mask IP/MAC before sharing samples.
  • Data science: load compact JSON into notebooks for protocol analysis.

Output formats

  • Wireshark JSON: Wireshark JSON: matches tshark -T json output, indented for readability.
  • NDJSON (one packet per line): NDJSON: one packet per line, perfect for streaming and grep-friendly workflows.
  • Compact JSON: Compact JSON: no whitespace; smallest file size.

Privacy & security

We cap uploads at 15 MB and process captures transiently. Use the masking toggle to redact MAC/IP by zeroing the last octet/byte. For extra privacy, apply Wireshark display filters to drop unwanted traffic before exporting.

Troubleshooting

  • “File too large”: trim or filter the capture; limit is 15 MB.
  • “Parse error”: ensure the file is valid PCAP/PCAPNG; try re-saving with Wireshark.
  • Empty output: check your display filter and packet limit.
  • Output huge: switch to “Headers only” or NDJSON, reduce max packets.

FAQ

  • Can I convert PCAPNG? Yes, both pcap and pcapng are supported.
  • Is my file uploaded to a server? Processing is transient on the backend; files are not stored.
  • Why is output too large? Lower max packets, use headers-only, or NDJSON/compact.
  • How to filter packets? Use Wireshark display filters (e.g., ip.addr==1.1.1.1 && tcp).
  • What is NDJSON? Newline-delimited JSON; one JSON object per line for streaming.
  • Does it preserve timestamps? Yes by default; you can toggle them off.