Using file sets in Wireshark is a great feature. It allows for quickly navigating between smaller files instead of experiencing sluggish performance when analyzing one large file. However, there are times when packet captures were taken using a system other than Wireshark (such as TCPDump or Dumpcap). Other times someone else performs the captures and uses a different naming convention. Either way, there are times when it would be nice to convert these names into Wireshark’s file set naming convention. For a full write-up on the function and naming convention, please see Wireshark’s documentation here. To get started renaming files, please see below.
Using Windows PowerShell:
1. Create a folder where you want to rename files
2. Create a new PowerShell script file with the .ps1 extension (e.g. rename.ps1)
3. Use the following script:
4. Run the script by executing it in PowerShell or by right-clicking it and selecting "Run with PowerShell"
Disclaimer: I’m relatively new to PowerShell, so this script isn’t the most efficient. As I learn how to combine some of these steps, I will update this post. Or, please feel free to leave a comment explaining how to do this more efficiently.
Using Linux Bash:
1. Create a new folder where you want to rename files
2. Create a new bash script with permissions to execute
3. Paste the following into your script:
#!/bin/bash
echo -n "Please enter the name prefix: "
read -r name
echo "New Filenames:"
a=0
for i in *.*cap*; do
    modtime=$(date -r "$i" +%Y%m%d%H%M%S)   # file modification time in Wireshark's YYYYMMDDHHMMSS form
    new=$(printf '%s_%05d_%s.pcap' "$name" "$a" "$modtime")   # prefix_NNNNN_timestamp.pcap
    echo "$new"
    mv -i -- "$i" "$new"
    a=$((a + 1))   # five-digit file-set counter
done
4. Execute the script by entering ./scriptname on the command line in the directory containing your script and the files to convert.
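The script above numbers files in the order the glob returns them (alphabetical), which is not necessarily the order they were captured in. As an added example that is not the post's own script, the following function goes a step further: it sorts the captures by modification time before assigning the file-set counter, so "Next File" in Wireshark follows the capture chronologically, and it offers a dry-run mode. It assumes GNU stat and date (Linux), and that the prefix and directory are passed as arguments.

```shell
#!/bin/bash
# Added example: rename captures in DIR to Wireshark file-set names
# (PREFIX_NNNNN_YYYYMMDDHHMMSS.pcap), numbering them in modification-time
# order so the file-set sequence matches the capture chronology.
# Pass "dry" as the third argument to print the plan without renaming.
# Assumes GNU stat/date; the name format is Wireshark's file-set convention.
rename_fileset() {
    prefix=$1; dir=$2; mode=${3:-go}
    # Expand the same glob the post uses; bail out if nothing matched
    # (an unmatched glob stays a literal '*' pattern and does not exist).
    set -- "$dir"/*.*cap*
    [ -e "$1" ] || { echo "no capture files found in $dir" >&2; return 1; }
    n=0
    # stat prints "<epoch seconds> <path>"; sort numerically by epoch so
    # the oldest capture gets counter 00000.
    stat -c '%Y %n' "$@" | sort -n | while read -r epoch path; do
        modtime=$(date -r "$path" +%Y%m%d%H%M%S)
        new=$(printf '%s/%s_%05d_%s.pcap' "$dir" "$prefix" "$n" "$modtime")
        printf '%s -> %s\n' "$path" "$new"
        # -n: never overwrite an existing file if two names collide.
        [ "$mode" = dry ] || mv -n -- "$path" "$new"
        n=$((n + 1))
    done
}

# Command-line use: ./rename_fileset.sh PREFIX DIR [dry]
if [ "$#" -ge 2 ]; then
    rename_fileset "$@"
fi
```

Run it first with `dry` to review the planned names before anything is moved.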