p o c k e t n o t e s

Tshark is a command line tool used as network protocol analyzer. This tool can be used to capture network traffic, or read an existing pcap file.

Using wireshark to read PCAP files is the best option, but viewing this file in browser can reduce a lot of know-how issues for newbie. PCAP files can be converted to a simpler format like html, which can be accessed using any browser.

Here are steps to convert a pcap file to html,

To try this, download a sample pcap file. If you have one that should be fine, else you can download from wireshark website.

Overview

http.pcap –> convert to .xml –> locate pdml2html –> convert pcap to html

Convert to .xml

You may need elevated privilege to execute below command,

tshark -r http.cap -T pdml > http.xml

Locate pdml2html file

Below is path on Mac, this path may vary

root: locate pdml2html
/Applications/Wireshark.app/Contents/Resources/share/wireshark/pdml2html.xsl

Convert xml to HTML

We need “xsltproc” for this,

root: xsltproc /Applications/Wireshark.app/Contents/Resources/share/wireshark/pdml2html.xsl http.xml > http.html

This will convert file to html format.

---

— By Fabian Darius