npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

pcap-ng-parser

v1.0.0

Published

Node.js Module for parsing .pcapng files and tcpdump output.

Downloads

650

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

kingnebbykingnebbycollinear-groupcollinear-group

Keywords

pcap-ngtcpdumpparsernetworkpackets

Readme

Overview

PCAP-NG-Parser is a stream-based module to decode, print and analyze network traffic packets. With this module, you can read from an existing .pcapng file or connect it to an active stream. PCAP-NG-Parser is currently in active development. At this time, it supports only ethernet protocols from the output of TCPDump v. 4.9.2.

Why capture packets in JavaScript

Excerpt from: https://github.com/node-pcap/node_pcap

There are already many tools for capturing, decoding, and analyzing packets.  Many of them are thoroughly
tested and very fast.  Why would anybody want to do such low level things like packet capture and analysis
in JavaScript?  A few reasons:

* JavaScript makes writing event-based programs very natural.  Each packet that is captured generates an
event, and as higher level protocols are decoded, they might generate events as well.  Writing code to handle
these events is much easier and more readable with anonymous functions and closures.

* Node makes handling binary data in JavaScript fast and efficient with its Buffer class.  Decoding packets involves
a lot of binary slicing and dicing which can be awkward with JavaScript strings.

* Writing servers that capture packets, process them somehow, and then serve the processed data up in some way is
very straightforward in node.

* Node has a very good HTTP parser that is used to progressively decode HTTP sessions.

Installation

This module is available through the npm registry.

$ npm install pcap-ng-parser

Usage

Via .pcapng File

Here is a quick example of how to log out packets to the console from a valid .pcapng file named myfile.pcapng.

const PCAPNGParser = require('pcap-ng-parser')
const pcapNgParser = new PCAPNGParser()
const myFileStream = require('fs').createReadStream('./myfile.pcapng')

myFileStream.pipe(pcapNgParser)
    .on('data', parsedPacket => {
        console.log(parsedPacket)
    })
    .on('interface', interfaceInfo => {
        console.log(interfaceInfo)
    })

In the example above, we create a new Readable stream from our file and pipe the instance pcapNgParser which will read our packet data on the _transform event.

Via TCPDump

You can also pipe from TCPDump using process.stdin for a command line interaction.

const PCAPNGParser = require('pcap-ng-parser')
const pcapNgParser = new PCAPNGParser()

process.stdin.pipe(pcapNgParser)
    .on('data', parsedPacket => {
        console.log(parsedPacket)
    })
    .on('interface', interfaceInfo => {
        console.log(interfaceInfo)
    })
$ sudo tcpdump -w - | node exampleAbove.js

Note that in order to utilize tcpdump you must be a superuser. Refer to tcpdump documentation for details.

Other Examples

Additional examples can be found in the examples directory.

Class PCAPNGParser

PCAPNGParser is an extension of the stream.Transform class. The PCAPNGParser class has a modified data event and a custom interface event. For any additional details for how to interface with Transform streams, refer to the Node.js stream documentation.

Property 'interfaces'

  • interfaces | Array | List of all interfaces that the instance of PCAPNGParser has interacted with.

Event 'data'

  • parsedPacket | Object | The parsed packet data. The data event is emitted whenever the PCAPNGParser stream is ready to relinquish ownership of packet data to a consumer.

Example of a parsedPacket object:

{
    interfaceId: 0,
    timestampHigh: 355515,
    timestampLow: 1834438968,
    data: <Buffer >
}

Description of parsedPacket Properties

  • interfaceId | integer | The order in which PCAPNGParser has interacted with the interface. Interface can be accessed by accessing the interfaces property of the instance of the PCAPNGParser class.
  • timestampHigh | integer | The upper 32 bits of the 64-bit timestamp integer. Refer to the PCAPNG documentation on this matter for more details.
  • timestampLow | integer | The lower 32 bits of the 64-bit timestamp integer. Refer to the PCAPNG documentation on this matter for more details.
  • data | buffer | A buffer with the data of the current packet.

Event 'interface'

  • interfaceInfo | object | Interface Data. The interface event is emitted whenever the PCAPNGParser stream has encountered a new interface type not encountered yet.

Example of an interfaceInfo object:

{
    linkType: 1,
    snapLen: 262144,
    name: 'en0'
}

Description of interfaceInfo Properties

  • linkType | integer | The linktype of the current interface. Refer to the TCPDump Link-Layer header documentation for more details.
  • snapLen | integer | An estimate for the length of the packets coming from the interface.
  • name | string | The name of the interface.

Contribution

Refer to the the Contribution Guide for details on how to contribute.

License

This module is covered under the BSD-3 Open Software License. Review the License Documention for more information.