Output pcapng to Different Useful Formats

At times you might be required to use some or all of the contents of a PCAP Next Generation Dump File Format (pcapng for short) file in formats that were not designed for packet data, such as JSON or even C arrays.

This can be very easily accomplished with the Wireshark application itself. Open the File menu to get started, then click Export Packet Dissections to open its menu.

Click the item for your desired output format, or adjust the Save as type selection in the dialog.

Once you have determined the filename and location, packet range, and packet format, click the Save button to save to the file in the format you chose.

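Example output of a single packet in JSON format. Warning: this output is verbose. Note also that the export repeats some keys within one object (for example "ip.addr", "udp.port" and "dhcp.option.type" below), so a JSON parser that keeps only the last duplicate will silently drop values such as the source address or the earlier DHCP options; check how your parser handles duplicate keys before relying on the result, or export with tshark's `-T json --no-duplicate-keys`, which merges repeated keys into arrays.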

  {
    "_index": "packets-2004-12-05",
    "_type": "doc",
    "_score": null,
    "_source": {
      "layers": {
        "frame": {
          "frame.interface_id": "0",
          "frame.interface_id_tree": {
            "frame.interface_name": "unknown"
          },
          "frame.encap_type": "1",
          "frame.time": "Dec  5, 2004 15:16:24.317453000 Atlantic Standard Time",
          "frame.offset_shift": "0.000000000",
          "frame.time_epoch": "1102274184.317453000",
          "frame.time_delta": "0.000000000",
          "frame.time_delta_displayed": "0.000000000",
          "frame.time_relative": "0.000000000",
          "frame.number": "1",
          "frame.len": "314",
          "frame.cap_len": "314",
          "frame.marked": "0",
          "frame.ignored": "0",
          "frame.protocols": "eth:ethertype:ip:udp:dhcp",
          "frame.coloring_rule.name": "UDP",
          "frame.coloring_rule.string": "udp"
        },
        "eth": {
          "eth.dst": "ff:ff:ff:ff:ff:ff",
          "eth.dst_tree": {
            "eth.dst_resolved": "Broadcast",
            "eth.dst.oui": "16777215",
            "eth.addr": "ff:ff:ff:ff:ff:ff",
            "eth.addr_resolved": "Broadcast",
            "eth.addr.oui": "16777215",
            "eth.dst.lg": "1",
            "eth.lg": "1",
            "eth.dst.ig": "1",
            "eth.ig": "1"
          },
          "eth.src": "00:0b:82:01:fc:42",
          "eth.src_tree": {
            "eth.src_resolved": "Grandstr_01:fc:42",
            "eth.src.oui": "2946",
            "eth.src.oui_resolved": "Grandstream Networks, Inc.",
            "eth.addr": "00:0b:82:01:fc:42",
            "eth.addr_resolved": "Grandstr_01:fc:42",
            "eth.addr.oui": "2946",
            "eth.addr.oui_resolved": "Grandstream Networks, Inc.",
            "eth.src.lg": "0",
            "eth.lg": "0",
            "eth.src.ig": "0",
            "eth.ig": "0"
          },
          "eth.type": "0x00000800"
        },
        "ip": {
          "ip.version": "4",
          "ip.hdr_len": "20",
          "ip.dsfield": "0x00000000",
          "ip.dsfield_tree": {
            "ip.dsfield.dscp": "0",
            "ip.dsfield.ecn": "0"
          },
          "ip.len": "300",
          "ip.id": "0x0000a836",
          "ip.flags": "0x00000000",
          "ip.flags_tree": {
            "ip.flags.rb": "0",
            "ip.flags.df": "0",
            "ip.flags.mf": "0"
          },
          "ip.frag_offset": "0",
          "ip.ttl": "250",
          "ip.proto": "17",
          "ip.checksum": "0x0000178b",
          "ip.checksum.status": "2",
          "ip.src": "0.0.0.0",
          "ip.addr": "0.0.0.0",
          "ip.src_host": "0.0.0.0",
          "ip.host": "0.0.0.0",
          "ip.dst": "255.255.255.255",
          "ip.addr": "255.255.255.255",
          "ip.dst_host": "255.255.255.255",
          "ip.host": "255.255.255.255"
        },
        "udp": {
          "udp.srcport": "68",
          "udp.dstport": "67",
          "udp.port": "68",
          "udp.port": "67",
          "udp.length": "280",
          "udp.checksum": "0x0000591f",
          "udp.checksum.status": "2",
          "udp.stream": "0",
          "Timestamps": {
            "udp.time_relative": "0.000000000",
            "udp.time_delta": "0.000000000"
          }
        },
        "dhcp": {
          "dhcp.type": "1",
          "dhcp.hw.type": "0x00000001",
          "dhcp.hw.len": "6",
          "dhcp.hops": "0",
          "dhcp.id": "0x00003d1d",
          "dhcp.secs": "0",
          "dhcp.flags": "0x00000000",
          "dhcp.flags_tree": {
            "dhcp.flags.bc": "0",
            "dhcp.flags.reserved": "0x00000000"
          },
          "dhcp.ip.client": "0.0.0.0",
          "dhcp.ip.your": "0.0.0.0",
          "dhcp.ip.server": "0.0.0.0",
          "dhcp.ip.relay": "0.0.0.0",
          "dhcp.hw.mac_addr": "00:0b:82:01:fc:42",
          "dhcp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00",
          "dhcp.server": "",
          "dhcp.file": "",
          "dhcp.cookie": "99.130.83.99",
          "dhcp.option.type": "53",
          "dhcp.option.type_tree": {
            "dhcp.option.length": "1",
            "dhcp.option.value": "01",
            "dhcp.option.dhcp": "1"
          },
          "dhcp.option.type": "61",
          "dhcp.option.type_tree": {
            "dhcp.option.length": "7",
            "dhcp.option.value": "01:00:0b:82:01:fc:42",
            "dhcp.hw.type": "0x00000001",
            "dhcp.hw.mac_addr": "00:0b:82:01:fc:42"
          },
          "dhcp.option.type": "50",
          "dhcp.option.type_tree": {
            "dhcp.option.length": "4",
            "dhcp.option.value": "00:00:00:00",
            "dhcp.option.requested_ip_address": "0.0.0.0"
          },
          "dhcp.option.type": "55",
          "dhcp.option.type_tree": {
            "dhcp.option.length": "4",
            "dhcp.option.value": "01:03:06:2a",
            "dhcp.option.request_list_item": "1",
            "dhcp.option.request_list_item": "3",
            "dhcp.option.request_list_item": "6",
            "dhcp.option.request_list_item": "42"
          },
          "dhcp.option.type": "0",
          "dhcp.option.type_tree": {
            "dhcp.option.end": "255"
          },
          "dhcp.option.padding": "00:00:00:00:00:00:00"
        }
      }
    }
  }

Enjoy.

Mar 23rd, 2020 • Posted in Networking, Wireshark