Convert with tshark via command shell script

Question

I'm trying to have a cronjob convert files with tshark.

This is my script so far:

files=$(find /home/user/traces/*.pcap -mmin +10 -type f)
echo "$files" | tshark -r - -T ek > '/home/user/traces/converted/'-.json

I'm trying to convert files older than 10 minutes, and put them in converted folder.

But it fails with:

tshark: The standard input isn't a capture file in a format TShark understands.

I think the passing of filenames to tshark fails, but not sure.

For reference, this single command does work:

tshark -r /home/user/traces/trace.pcap -T ek > /home/user/traces/converted/trace.pcap.json

UPDATE

Seems to work with for loop:

files=$(find /home/user/traces/*.pcap -mmin +10 -type f)

for file in $files
do
  echo "processing file: $file"
  tshark -r $file -T ek > "$file.json"
done

Answer 1

$files includes files in line by line bases. I believe multiple files cannot be captured in with echo "$files" | tshark -r -.

It seems that you need to have loop

IFS=$'\n'       # make newlines the only separator
for f in $files    
do
    ...
done

Answer 2

-r <infile>

Read packet data from infile, can be any supported capture file format (including gzipped files). It is possible to use named pipes or stdin (-) here but only with certain (not compressed) capture file formats (in particular: those that can be read without seeking backwards).

TShark does not use its standard input (-) to read file a filename but read file contents, like this:

cat file.pcap | tshark -r - -T ek > "other-file.json"

In your case, since you need the output filename to be separate, I would suggest using a loop, like in this Stackexchange post.