This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

how to convert .cap to .pcap

0

Hi there I have over 300 cap files that some that had been generated. I'm looking to use network miner to analyse these files, the only trouble is network miner can only read pcap captures. I know you can re save a cap to pcap, but i dont want to do this 300 times. Is there a way to convert cap to pcap in a batch? or merge all 300 together in a batch then re save the unified batch to pcap??

asked 10 Jan '16, 12:49

Kenny%20Kev's gravatar image

Kenny Kev
6113
accept rate: 0%

edited 11 Jan '16, 03:08

grahamb's gravatar image

grahamb ♦
19.8k330206

What is the intend of removing the question?

(11 Jan '16, 02:06) Jaap ♦

I've reverted that change.

(11 Jan '16, 03:08) grahamb ♦

What is the intend of removing the question?

maybe, homework and the fear to get caught ?!?

(11 Jan '16, 07:15) Kurt Knochner ♦

One Answer:

0

You can use editcap in a script.

editcap -F pcap input.cap output.pcap

If you loop over the files in a script, you can automatically convert all files.

Regards
Kurt

answered 10 Jan '16, 13:01

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%

edited 10 Jan '16, 13:08

see the link in my answer. (loop over files...).

Like:

for /r %i in (*.cap) do editcap -F pcap %i %i.pcap

(10 Jan '16, 13:05) Kurt Knochner ♦

The examples are in my answer and my comment. What exactly does not work? Any error messages?

BTW: editcap is probably not in your PATH variable on Windows, so you'll have to start it with

"c:\program files\wireshark\editcap"

or

"c:\program files (x86)\wireshark\editcap"

(10 Jan '16, 14:26) Kurt Knochner ♦