GitHub - seti123/pcap_offline: Offline version for node_pcap

Offline PCAP based on mranny/node_pcap, kunklejr/node-pcap-parser, wanderview/node-pcap-stream

npm install seti123/pcap_offline

Major Changes: instead of openOffline use readPcap('file.pcap', function (packet) {});

It's based on pcap-stream and pcap-parser to replace native libpcap binding.
Improvement: it detects IP packets more or less independet from link-layer.
Limitation: lost packet filter capabilities of native libpcap, pcap-ng not supported by pcap-stream (as far I know)

An Example

var pcap = require ('./pcap_offline'); // or with mpn, require ('pcap_offline')
var tcp_tracker = new pcap.TCP_tracker();
tcp_tracker.on('http response complete', function (session,http) {
	console.log (http.request.headers['Host'] + http.request.url);
	console.log (http.response.headers['Content-Length'] );
});
// here it gets different (!), don't use openOffline use readPcap
var session = pcap.readPcap ('test.pcap', function (packetBuffer) { 
	var packet = pcap.decode.packet(packetBuffer);
	if (packet.link && packet.link.ip && packet.link.ip.tcp) {
                    tcp_tracker.track_packet(packet);
  }
});

session.readStream.on('end', function() { process.exit(0) });

Name		Name	Last commit message	Last commit date
Latest commit History 3 Commits
README.md		README.md
expample.js		expample.js
package.json		package.json
pcap_offline.js		pcap_offline.js

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

About

Releases

Packages

Languages

seti123/pcap_offline

Folders and files

Latest commit

History

Repository files navigation

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages