1

I have a folder (containing many sub-folders) full of pcap files and I'd like to get all pcap files containing packets that match a certain condition, for example "have source IP 1.1.1.1". Do you know any tool that does that kind of search?

I need this both for Windows and Ubuntu.

1 Answer

2

PcapSearch does exactly what you need. It's part of the PcapPlusPlus library and it's cross-platform, so it'd work on Windows and Linux.

In your case use it as follows (Linux case):

./PcapSearch -d /your/folder/ -s "ip src 1.1.1.1"

You can also use the -r switch to write results to a file; it'll also print the matched packets to that report.

EDIT: if you don't want to or can't compile this utility, please take a look at PcapPlusPlus's recent release; it contains binaries for quite a lot of platforms such as Windows, Ubuntu (12.04/14.04) and Mac OS X (Mavericks/Yosemite/El Capitan).

seladb
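
As an added example (not part of the answer above and not PcapPlusPlus code), here is the same recursive folder search for one fixed condition, a source IPv4 address, in pure Python that runs on both Windows and Ubuntu. It assumes classic pcap files (not pcapng) with Ethernet link type; the names file_has_src_ip, search_pcaps and make_pcap are hypothetical, and make_pcap only builds constructed sample captures.

```python
import ipaddress
import os
import struct

# Classic pcap magic, read little-endian -> byte order of the file's header fields.
# The last two are the nanosecond-timestamp variants.
MAGICS = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">", 0xA1B23C4D: "<", 0x4D3CB2A1: ">"}

def file_has_src_ip(path, src_ip):
    """True if any IPv4-over-Ethernet packet in a classic pcap has this source IP."""
    want = ipaddress.IPv4Address(src_ip).packed
    with open(path, "rb") as f:
        hdr = f.read(24)
        endian = MAGICS.get(struct.unpack("<I", hdr[:4])[0]) if len(hdr) == 24 else None
        if endian is None or struct.unpack(endian + "I", hdr[20:24])[0] != 1:
            return False  # not classic pcap (e.g. pcapng) or not LINKTYPE_ETHERNET
        while True:
            rec = f.read(16)  # per-packet header: ts_sec, ts_frac, incl_len, orig_len
            if len(rec) < 16:
                return False  # end of file, no match
            incl_len = struct.unpack(endian + "I", rec[8:12])[0]
            pkt = f.read(incl_len)
            if len(pkt) < incl_len:
                return False  # truncated capture
            off, ethertype = 14, pkt[12:14]
            if ethertype == b"\x81\x00":  # skip one 802.1Q VLAN tag
                off, ethertype = 18, pkt[16:18]
            if ethertype == b"\x08\x00" and pkt[off + 12:off + 16] == want:
                return True

def search_pcaps(root, src_ip):
    """Walk root recursively; return sorted paths of pcap files with a matching packet."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower().endswith((".pcap", ".cap")) and file_has_src_ip(path, src_ip):
                hits.append(path)
    return sorted(hits)

def make_pcap(src_ips):
    """Constructed sample data: little-endian pcap, one minimal IPv4 frame per source."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ip in src_ips:
        ipv4 = b"\x45\x00\x00\x14" + bytes(8) + ipaddress.IPv4Address(ip).packed + bytes(4)
        frame = bytes(12) + b"\x08\x00" + ipv4
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out
```

Calling search_pcaps("/your/folder/", "1.1.1.1") returns the list of matching capture files. Files that are not classic pcap are skipped rather than reported as errors.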