About
Turn raw packet captures into structured JSON for scripting, incident response, and automation. Upload a .pcap/.pcapng, optionally apply a Wireshark display filter, and export in a format that fits your pipeline (JSON array, NDJSON, or compact).
Filters are the key for practical exports: keep only what you need (e.g., specific hosts, ports or protocols), then cap the number of packets if you’re creating a lightweight sample for tickets, debugging or dashboards. You can also toggle timestamps and choose how much of each packet to include (headers vs payload).
If you’re sharing captures, redaction helps reduce sensitive data exposure. The result is downloadable JSON that you can feed into jq, Python, SIEM tooling, or custom parsers—without manually clicking around in Wireshark.
FAQ
›What file types are supported?
PCAP and PCAPNG (.pcap / .pcapng).
›What is a Wireshark display filter?
It’s Wireshark’s filter language (e.g., tcp && ip.addr==1.2.3.4) used to select only matching packets for export.
›JSON vs NDJSON — which should I pick?
JSON is a single array; NDJSON writes one JSON object per line and works well for streaming/line-based tools; compact output is smaller for quick inspection.
›Can I anonymize sensitive values?
Use the redaction option to reduce sensitive fields before downloading and sharing results.
›Is my capture stored?
The file is processed to produce the output and is not intended to be retained. Avoid uploading highly sensitive captures if you cannot share them.