Rename Files to WS File Set Format

WS File Set Window

Using file sets in Wireshark is a great feature. It lets you navigate quickly between smaller files instead of suffering sluggish performance while analyzing one large file. However, there are times when packet captures were taken with a tool other than Wireshark (such as tcpdump or dumpcap), or someone else performed the captures and used a different naming convention. Either way, it is often useful to convert those names into Wireshark's file set naming convention (prefix_NNNNN_YYYYMMDDHHMMSS.ext). For a full write-up on the feature and its naming convention, please see Wireshark's documentation here. To get started renaming files, please see below.

Using Windows PowerShell:

  1. Create a folder where you want to rename files
  2. Create a new PowerShell script file with a .ps1 extension (e.g. rename.ps1)
  3. Use the following script:

  4. Run the script by executing it in PowerShell or by right-clicking it and selecting "Run with PowerShell"

Disclaimer: I'm relatively new to PowerShell, so this script isn't the most efficient. As I learn how to combine some of these steps, I will update this post. Or, please feel free to leave a comment explaining how to do this more efficiently.
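The post's own PowerShell script is not reproduced above, so the following is an added example of the same procedure (not the author's script). It prompts for a prefix, then renames every capture in the current folder to prefix_NNNNN_YYYYMMDDHHMMSS plus the file's original extension, numbering files in order of their last-modified time. It assumes captures are identified by a .pcap, .pcapng or .cap extension; adjust the filter if your files use other names.

```powershell
# Added example (not the post author's script): rename captures in the current
# folder to Wireshark's file set convention prefix_NNNNN_YYYYMMDDHHMMSS.ext.
$prefix = Read-Host -Prompt 'Please enter the name prefix'

# Assumption: captures are recognised by extension. Sort by modification time so
# the sequence number follows capture order rather than alphabetical order.
$captures = Get-ChildItem -File |
    Where-Object { $_.Extension -in '.pcap', '.pcapng', '.cap' } |
    Sort-Object LastWriteTime

$index = 1
Write-Output 'New Filenames:'
foreach ($file in $captures) {
    # Timestamp part of the name comes from the file's last write time
    $stamp   = $file.LastWriteTime.ToString('yyyyMMddHHmmss')
    # Keep the original extension; Wireshark groups a file set by prefix and extension
    $newName = '{0}_{1:D5}_{2}{3}' -f $prefix, $index, $stamp, $file.Extension
    $target  = Join-Path $file.DirectoryName $newName

    # Never overwrite an existing capture; skip and report instead
    if (Test-Path -LiteralPath $target) {
        Write-Warning "Skipping $($file.Name): $newName already exists"
        continue
    }

    Write-Output $newName
    Rename-Item -LiteralPath $file.FullName -NewName $newName
    $index++
}
```

Run it from the folder containing the captures. Because -LiteralPath is used throughout, file names containing brackets or other wildcard characters are handled as-is.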

Using Linux Bash:

  1. Create a new folder where you want to rename files
  2. Create a new bash script with permission to execute (chmod +x scriptname)
  3. Paste the following into your script:

#!/bin/bash
# Rename captures in the current directory to Wireshark's file set convention:
# prefix_NNNNN_YYYYMMDDHHMMSS.pcap

echo -n "Please enter the name prefix: "
read -r name

a=1

echo "New Filenames:"

# Match .cap, .pcap, .pcapng and similar; "$i" is quoted so names with spaces survive
for i in *.*cap*; do
    # The timestamp part of the new name is the file's modification time
    modtime=$(date -r "$i" +%Y%m%d%H%M%S)
    new=$(printf '%s_%05d_%s.pcap' "$name" "$a" "$modtime")
    echo "$new"
    # -i prompts before overwriting; -- stops option parsing for odd filenames
    mv -i -- "$i" "$new"
    ((a++))
done

  4. Execute the script by entering ./scriptname on the command line in the directory containing your script and the files to convert.