# Rename Files to WS File Set Format

Using file sets in Wireshark is a great feature. It allows for quickly navigating between smaller files instead of experiencing sluggish performance when analyzing one large file. However, there are times when packet captures were taken using a system other than Wireshark (such as tcpdump or dumpcap). Other times someone else performs the captures and uses a different naming convention. Either way, there are times when it would be nice to convert these names into Wireshark’s file set naming convention. For a full write-up on the function and naming convention, please see Wireshark’s documentation here. To get started renaming files, please see below.

### Using Windows PowerShell:

1. Create a folder where you want to rename files
2. Create a new PowerShell script file with a .ps1 extension (e.g. rename.ps1)
3. Use the following script:

4. Run the script by executing it in PowerShell or right-clicking on it and selecting “Run with PowerShell”

Disclaimer: I’m relatively new to PowerShell, so this script isn’t the most efficient. As I learn how to combine some of these steps, I will update this post. Or, please feel free to leave a comment explaining how to do this more efficiently.
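One way to write the script for step 3, as an added example that is not the author's original script: it applies the same prefix, five-digit counter and modification-time stamp as the Bash version in the next section. The `-Prefix` and `-Path` parameter names are assumptions chosen for this example.

```powershell
# Added example (not the author's script): rename capture files to the
# Wireshark file set pattern <prefix>_<5-digit index>_<YYYYMMDDHHMMSS>.pcap
param(
    # Assumed parameter names; when -Prefix is omitted the script prompts for it.
    [string]$Prefix = (Read-Host 'Please enter the name prefix'),
    [string]$Path = '.'
)

$index = 1

Write-Output 'New Filenames:'

# Sort-Object collects the whole listing before any rename happens, so files
# that have already been renamed are not picked up a second time.
Get-ChildItem -LiteralPath $Path -File |
    Where-Object { $_.Name -like '*.*cap*' } |   # same glob as the Bash version
    Sort-Object LastWriteTime, Name |            # number the set in capture order
    ForEach-Object {
        # Last modification time of the file, formatted as YYYYMMDDHHMMSS
        $stamp = $_.LastWriteTime.ToString('yyyyMMddHHmmss')

        # {1:D5} zero-pads the counter to five digits (00001, 00002, ...)
        $newName = '{0}_{1:D5}_{2}.pcap' -f $Prefix, $index, $stamp
        $target  = Join-Path $_.DirectoryName $newName

        if (Test-Path -LiteralPath $target) {
            # Never overwrite an existing capture; report and move on.
            Write-Warning "Skipping $($_.Name): $newName already exists"
        }
        else {
            Rename-Item -LiteralPath $_.FullName -NewName $newName
            Write-Output $newName
        }

        $index++
    }
```

Renaming does not change a file's last-write time, so the timestamp in each new name still reflects when the capture file was last written.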

### Using Linux Bash:

1. Create a new folder where you want to rename files
2. Create a new bash script with permissions to execute
3. Paste the following into your script:

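```bash
#!/bin/bash
# Rename capture files to Wireshark's file set naming convention:
# <prefix>_<5-digit index>_<YYYYMMDDHHMMSS>.pcap

echo -n "Please enter the name prefix: "
read -r name

a=1

echo "New Filenames:"

for i in *.*cap*; do
    # Skip the literal pattern when no capture files match
    [ -e "$i" ] || continue

    # Timestamp comes from the file's last modification time
    modtime=$(date -r "$i" +%Y%m%d%H%M%S)
    new=$(printf '%s_%05d_%s.pcap' "$name" "$a" "$modtime")
    echo "$new"

    # -i prompts before overwriting; -- protects names that start with a dash
    mv -i -- "$i" "$new"
    ((a++))
done
```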

4. Execute the script by entering ./scriptname into your command line in the directory with your script and files to convert.