• Sumo

Sometimes you want to convert .pcap file from tcpdump or wireshark trace into text file so you can open with any text editor.
To do this conversion you’ll required tshark (If you already install wireshark either for windows or *nix you already have tshark in your computer)

From tshark man page: http://www.wireshark.org/docs/man-pages/tshark.html

TShark is a network protocol analyzer. It lets you capture packet data from a live network, or read packets from a previously saved capture file, either printing a decoded form of those packets to the standard output or writing the packets to a file. TShark‘s native capture file format is libpcap format, which is also the format used by tcpdump and various other tools.

Let’s say you want to convert file testing_diameter.pcap to text file, from Windows CMD or *nix terminal run below command:

tshark -nrĀ testing_diameter.pcap -T text -V > testing_diameter.text

This command will convert full .pcap file include the header into testing_diameter.text

If you only want to convert protocol specified information add -O [protocol] parameter from above command, like below

tshark -nrĀ testing_diameter.pcap -T text -V -O diameter> testing_diameter_only.text