Parsing pcap Files in Node.js with pcap-parser

By Jeff Kunkle on January 12, 2012 8:00 AM | Permalink | Comments (0) | TrackBacks (0)

On my current project we've been using Node.js for an app that does a lot of packet capture and processing. In the past we used node-pcap for packet capture but were looking for an easier way to simply parse raw pcap files. It turns out the pcap file format is pretty simple as was writing a node module to parse it.

The module, called pcap-parser, can be used to parse any pcap file or readable pcap stream, such as the piped output of tcpdump. As packets are parsed, pcap-parser emits relevant events to which your node program can listen. It's a really simple way to process a theoretically infinite stream of pcap data. The code below shows a basic example of it in action. Please check out the project page for more details.

var pcapp = require('pcap-parser');

var parser = new pcapp.Parser('/path/to/file.pcap');
// var parser = new pcapp.Parser(process.stdin);

parser.on('packet', function(packet) {
  console.log(packet.header);
  console.log(packet.data);
});

parser.parse(); // to kick things off

Name

Email Address

URL

Remember personal info?

Comments

0 TrackBacks

Listed below are links to blogs that reference this entry: Parsing pcap Files in Node.js with pcap-parser.

TrackBack URL for this entry: http://www.nearinfinity.com/mt/mt-tb.cgi/1720

.NET ADO.Net Data Services agile apple big Big Data bootcamp C# cocoa database groovy hibernate iphone java javascript LINQ nerd performance ranch ruby SharePoint SharePoint 2010 spring testing validation

We're Hiring!

Quick Links

Parsing pcap Files in Node.js with pcap-parser

Categories:

Tags:

Leave a comment

0 TrackBacks

Search

Categories

Author Archives

Tag Cloud