
I am currently searching for ways to convert tcpdump output (be it text file or pcap file) and convert it to json file format. Are there any ways to do that?

Does parse-pcap do the trick?

Because I have some problem using parse-pcap as shown below. Or is there another way to do that? Thank you very much


James Yeo

2 Answers


Probably it's too late but hope it helps others who come here:

Wireshark has a feature to export its capture files to JSON. So open the file in Wireshark and then:

File->Export Packet Dissections->As JSON

Ajay Thomas

I am currently searching for ways to convert tcpdump output (be it text file or pcap file) and convert it to json file format. Are there any ways to do that?

Not without a clear specification of what it means to "convert it to JSON file format". JSON isn't a file format for network traffic, it's a format for representing data that's in the form of attribute/value pairs, so you have to decide what items in the capture you want to have represented as attributes and their values.

I.e., this is like asking to convert a network traffic capture "to SQL"; you have to pick a schema before you can do that.

Does parse-pcap do the trick?

If "parse-pcap" is the Python program you can get from this GitHub repository, it doesn't appear as if it does. They do talk about "[formatting] JSON content in a beautiful way", but that's referring to HTTP requests or responses in which the data being transferred over HTTP is in JSON format, not to actually turning the packets into JSON.

Because I have some problem using parse-pcap as shown below.

Your problems are due to not using the -o flag to specify the output file. It appears that you want to write to a file named hello.json, but you didn't specify hello.json as an argument to -o; instead, you just specified it as a regular argument, which means it tries to read from that file and, as it doesn't exist, the attempt to open it failed and got an exception.

Note also that parse_pcap only reads pcap or pcap-ng files; it can't read the text output from tcpdump, so you'd need to specify -w - as an argument to tcpdump.
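The two points in the answer above, that a JSON conversion only makes sense once you have picked a schema and that a pcap tool reads binary capture records rather than tcpdump's text, can be seen in a small converter. The following Python script is an added example, not code from the question, the answers or the parse-pcap project: it walks a classic libpcap file (pcap-ng and nanosecond-timestamp pcap are deliberately rejected), dissects Ethernet/IPv4 with TCP or UDP, and emits one JSON object per packet under a schema chosen here (the `frame`, `eth`, `ip`, `tcp` and `udp` keys are this example's own naming, not a standard). The two-packet capture it runs on is constructed inline so the script works offline; a real file can be fed in with `pcap_to_records(open("capture.pcap", "rb").read())`, or from tcpdump written with `-w` as the answer describes.

```python
"""Convert a classic pcap byte string to JSON under an explicitly chosen schema."""
import json
import struct

# Magic numbers of the classic libpcap format (microsecond timestamps).
PCAP_MAGIC_LE = b"\xd4\xc3\xb2\xa1"
PCAP_MAGIC_BE = b"\xa1\xb2\xc3\xd4"
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP, IPPROTO_UDP = 6, 17


def mac(b):
    return ":".join(f"{x:02x}" for x in b)


def ipv4(b):
    return ".".join(str(x) for x in b)


def dissect_frame(raw, linktype):
    """Extract only the fields this example's schema keeps from one Ethernet frame."""
    layers = {}
    if linktype != LINKTYPE_ETHERNET or len(raw) < 14:
        return layers
    dst, src, ethertype = raw[:6], raw[6:12], struct.unpack("!H", raw[12:14])[0]
    layers["eth"] = {"src": mac(src), "dst": mac(dst), "type": f"0x{ethertype:04x}"}
    if ethertype != ETHERTYPE_IPV4 or len(raw) < 34:
        return layers
    ip = raw[14:]
    ihl = (ip[0] & 0x0F) * 4               # header length in bytes
    if ihl < 20 or len(ip) < ihl:
        return layers                       # malformed or truncated IPv4 header
    layers["ip"] = {"src": ipv4(ip[12:16]), "dst": ipv4(ip[16:20]), "ttl": ip[8], "proto": ip[9]}
    l4 = ip[ihl:]
    if ip[9] == IPPROTO_UDP and len(l4) >= 8:
        sport, dport, length = struct.unpack("!HHH", l4[:6])
        layers["udp"] = {"srcport": sport, "dstport": dport, "length": length}
    elif ip[9] == IPPROTO_TCP and len(l4) >= 20:
        sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", l4[:14])
        layers["tcp"] = {"srcport": sport, "dstport": dport, "seq": seq, "ack": ack,
                         "flags": f"0x{off_flags & 0x1FF:03x}"}
    return layers


def pcap_to_records(data):
    """Walk the global header and packet records; return one dict per packet."""
    if data[:4] == PCAP_MAGIC_LE:
        e = "<"
    elif data[:4] == PCAP_MAGIC_BE:
        e = ">"
    else:
        raise ValueError("not a classic pcap file (pcap-ng and nanosecond pcap are not handled)")
    _, _, _, _, _snaplen, linktype = struct.unpack(e + "HHiIII", data[4:24])
    records, offset, number = [], 24, 0
    while offset + 16 <= len(data):
        ts_sec, ts_usec, incl_len, orig_len = struct.unpack(e + "IIII", data[offset:offset + 16])
        offset += 16
        raw = data[offset:offset + incl_len]
        if len(raw) < incl_len:
            raise ValueError(f"truncated packet record at offset {offset}")
        offset += incl_len
        number += 1
        record = {"frame": {"number": number, "time_epoch": ts_sec + ts_usec / 1e6,
                            "captured_len": incl_len, "original_len": orig_len}}
        record.update(dissect_frame(raw, linktype))
        records.append(record)
    return records


def pcap_to_json(data, indent=2):
    return json.dumps(pcap_to_records(data), indent=indent)


def build_sample_pcap():
    """Constructed two-packet capture (not real traffic): a UDP datagram to port 53 and a TCP SYN."""
    def eth_ip(proto, payload):
        ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 1, 0x4000, 64, proto, 0,
                             bytes([192, 0, 2, 10]), bytes([198, 51, 100, 53]))
        eth_hdr = bytes.fromhex("00112233445566778899aabb") + struct.pack("!H", ETHERTYPE_IPV4)
        return eth_hdr + ip_hdr + payload
    udp = struct.pack("!HHHH", 40000, 53, 8 + 4, 0) + b"\x00\x01\x02\x03"
    tcp = struct.pack("!HHIIHHHH", 50000, 443, 1000, 0, (5 << 12) | 0x002, 65535, 0, 0)
    frames = [eth_ip(IPPROTO_UDP, udp), eth_ip(IPPROTO_TCP, tcp)]
    out = PCAP_MAGIC_LE + struct.pack("<HHiIII", 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 500000, len(f), len(f)) + f
    return out


if __name__ == "__main__":
    print(pcap_to_json(build_sample_pcap()))
```

Everything the script does not recognise (non-Ethernet link types, non-IPv4 ethertypes, other transport protocols) is simply left out of the record rather than guessed at, which is the schema decision the answer says you have to make before "to JSON" means anything.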