Warning: some traces include VLAN tags. In such traces you will need to use the vlan option of your tool to decode the additional framing.
Wireshark reads pcap and ERF format, and will output text or binary formats.
Wireshark includes a GUI that lets you browse traffic. That's a great place to start.
Wireshark includes tshark, a command-line tool to convert packets to text.
For example, the first file in lander_sample-20080903 is 20080903-110016-h0038f0000, and
tshark -t e -r 20080903-110016-h0038f0000|head -3
1 1220464816.547976851 188.8.131.52 -> 184.108.40.206 TCP 452 80→50828 [PSH, ACK] Seq=1 Ack=1 Win=25416 Len=390
2 1220464816.547980592 220.127.116.11 -> 18.104.22.168 TCP 68 80→50828 [FIN, ACK] Seq=391 Ack=1 Win=25416 Len=0
3 1220464816.547975659 22.214.171.124 -> 126.96.36.199 TCP 1322 1935→50818 [ACK] Seq=1 Ack=1 Win=64288 Len=1260
Tshark can output in multiple formats, including JSON, and the output can be customized. So in addition to parsing the default tshark ASCII, one might customize the output and then read it directly into another program.
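As an added example (not code from the LANDER project or from the tshark distribution), here is a small parser for the default tshark summary format shown above. It embeds the three sample lines from this page as constructed input, keeps the timestamp as a Decimal so the nanosecond digits survive (a float would round them), and treats the "80 > 50828" port spelling of older tshark builds as an accepted alternative, which is an assumption on my part. The frame number is capture order, not time order: in the sample, frame 3 carries the earliest timestamp.

```python
import re
from dataclasses import dataclass, field
from decimal import Decimal
from typing import Dict, List, Optional, Tuple

# Constructed sample: the three lines this page shows for
#   tshark -t e -r 20080903-110016-h0038f0000 | head -3
# placed one packet per line.
SAMPLE = """\
1 1220464816.547976851 188.8.131.52 -> 184.108.40.206 TCP 452 80→50828 [PSH, ACK] Seq=1 Ack=1 Win=25416 Len=390
2 1220464816.547980592 220.127.116.11 -> 18.104.22.168 TCP 68 80→50828 [FIN, ACK] Seq=391 Ack=1 Win=25416 Len=0
3 1220464816.547975659 22.214.171.124 -> 126.96.36.199 TCP 1322 1935→50818 [ACK] Seq=1 Ack=1 Win=64288 Len=1260
"""

LINE_RE = re.compile(
    r"^\s*(?P<no>\d+)\s+"                    # frame number (capture order)
    r"(?P<ts>\d+\.\d+)\s+"                   # epoch seconds, as printed by -t e
    r"(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s+"   # source and destination address
    r"(?P<proto>\S+)\s+"                     # highest-layer protocol tshark chose
    r"(?P<length>\d+)\s+"                    # frame length in bytes
    r"(?P<info>.*)$"                         # free-form Info column
)
# Port pair at the start of the Info column. The page's output uses "80→50828";
# assumption: older tshark builds print "80 > 50828", so both are accepted.
PORTS_RE = re.compile(r"^(?P<sport>\d+)\s*(?:→|->|>)\s*(?P<dport>\d+)")
FLAGS_RE = re.compile(r"\[([A-Z, ]+)\]")        # e.g. "[PSH, ACK]"
KV_RE = re.compile(r"\b([A-Za-z]+)=(\d+)")      # e.g. "Seq=1", "Len=390"


@dataclass
class Packet:
    no: int
    ts: Decimal
    src: str
    dst: str
    proto: str
    length: int
    sport: Optional[int] = None
    dport: Optional[int] = None
    flags: List[str] = field(default_factory=list)
    fields: Dict[str, int] = field(default_factory=dict)
    info: str = ""


def parse_line(line: str) -> Optional[Packet]:
    """Parse one default-format tshark summary line; return None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    pkt = Packet(no=int(m["no"]), ts=Decimal(m["ts"]), src=m["src"], dst=m["dst"],
                 proto=m["proto"], length=int(m["length"]), info=m["info"])
    p = PORTS_RE.match(pkt.info)
    if p:
        pkt.sport, pkt.dport = int(p["sport"]), int(p["dport"])
    f = FLAGS_RE.search(pkt.info)
    if f:
        pkt.flags = [x.strip() for x in f.group(1).split(",")]
    pkt.fields = {k: int(v) for k, v in KV_RE.findall(pkt.info)}
    return pkt


def parse_lines(text: str) -> List[Packet]:
    """Parse all matching lines, silently skipping anything that is not a summary line."""
    return [p for p in (parse_line(l) for l in text.splitlines()) if p is not None]


def in_time_order(pkts: List[Packet]) -> List[Packet]:
    """Reorder by timestamp; frame numbers only give capture order."""
    return sorted(pkts, key=lambda p: p.ts)


def payload_bytes_by_flow(pkts: List[Packet]) -> Dict[Tuple, int]:
    """Sum the TCP payload (Len=) per unidirectional (src, sport, dst, dport) flow."""
    out: Dict[Tuple, int] = {}
    for p in pkts:
        key = (p.src, p.sport, p.dst, p.dport)
        out[key] = out.get(key, 0) + p.fields.get("Len", 0)
    return out


if __name__ == "__main__":
    for p in in_time_order(parse_lines(SAMPLE)):
        print(p.no, p.ts, f"{p.src}:{p.sport} -> {p.dst}:{p.dport}", p.flags, p.fields.get("Len"))
```

Feed it real output with `tshark -t e -r FILE | python3 parse_tshark.py` style plumbing by replacing SAMPLE with sys.stdin.read(); for anything beyond a quick look, prefer `tshark -T fields` or `-T json` as the text above suggests, since the Info column is free-form and its layout changes between tshark versions.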
Tcpdump is a tool like Wireshark that also reads packet capture data and can output text-format data. (By default it only reads pcap files, not ERF files.)
ERF is a bit rarer. For years we used it because of its higher-precision timestamps and support for Endace hardware, but pcap now supports higher-precision timestamps as well.