Server-sideProcessed server-side
This tool uses a server-side service for processing; uploaded files or requests are not kept for long-term storage.
About
Turn raw packet captures into structured JSON for scripting, incident response, and automation. Upload a .pcap/.pcapng, optionally apply a Wireshark display filter, and export in a format that fits your pipeline (JSON array, NDJSON, or compact).
Filters are the key for practical exports: keep only what you need (e.g., specific hosts, ports or protocols), then cap the number of packets if you’re creating a lightweight sample for tickets, debugging or dashboards. You can also toggle timestamps and choose how much of each packet to include (headers vs payload).
If you’re sharing captures, redaction helps reduce sensitive data exposure. The result is downloadable JSON that you can feed into jq, Python, SIEM tooling, or custom parsers—without manually clicking around in Wireshark.
How it works
- 1Open PCAP to JSON Converter and choose your file or enter the required input.
- 2Check the settings and start the process.
- 3The tool creates the result with temporary server-side processing.
- 4Download the output or copy the result when it is ready.
FAQ
›What file types are supported?
PCAP and PCAPNG (.pcap / .pcapng).
›What is a Wireshark display filter?
It’s Wireshark’s filter language (e.g., tcp && ip.addr==1.2.3.4) used to select only matching packets for export.
›JSON vs NDJSON — which should I pick?
JSON is a single array; NDJSON writes one JSON object per line and works well for streaming/line-based tools; compact output is smaller for quick inspection.
›Can I anonymize sensitive values?
Use the redaction option to reduce sensitive fields before downloading and sharing results.
›Is my capture stored?
The file is processed to produce the output and is not intended to be retained. Avoid uploading highly sensitive captures if you cannot share them.