Skip to content

onomondo/pcap-generator

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

pcap-generator

Generate PCAP files from packets

# npm install pcap-generator

Usage

pcap-generator can be used both in Node and in the browser. In Node.js it uses the native Buffer and in the browser you have to specify it by calling .configure

Note that it supports both miliseconds (timestamp is an integer) and microseconds (timestamp is a float).

Node.js

const generator = require('pcap-generator')
const fs = require('fs')

const ipPackets = [{
  timestamp: Date.now(), // miliseconds
  buffer: Buffer.from('4500002d000000000011d0970a0a0a0a0b0b0b0b450000210019ffff7b2268656c6c6f223a22776f726c64227d', 'hex')
}]
const pcapFile = generator(ipPackets)

fs.writeFileSync('test.pcap', pcapFile)
console.log('Open test.pcap in Wireshark')

Browser (in this example uses the buffer module)

import { Buffer } from 'buffer'
import { configure } from 'pcap-generator'

const generator = configure({ Buffer: Buffer })
const ipPackets = [{
  timestamp: 1802869.484431046, // microseconds
  buffer: Buffer.from('4500002d000000000011d0970a0a0a0a0b0b0b0b450000210019ffff7b2268656c6c6f223a22776f726c64227d', 'hex')
}]
const pcapFile = generator(ipPackets)

console.log('This here is your pcap file in hex:', pcapFile.toString('hex'))

API

(packets)

packets is an array of of objects similar to:

[{
  timestamp: Date.now(),
  buffer: somePacket
}]

Returns a buffer of the generated pcap file.

.configure(opts)

Returns a new instance of pcap-generator with the passed options.

  • Buffer. Override the Buffer used. Default: Buffer (in Node.js) or none (in the browser)
  • linkLayerType. The type of packets in the file. E.g. 101 for raw IP packets, or 1 for Ethernet packets. See https://www.tcpdump.org/linktypes.html for more details Default: 101 (Raw IP packets)
  • majorVersion. Major version of pcap. Default: 2
  • minorVersion. Minor version of pcap. Default: 4
  • gmtOffset. The GMT offset in pcap. Default: 0
  • timestampAccuracy. The accuracy of the timestamps. Default: 0
  • snapshotLength. The snapshot length of the packets. Default: 65535

About

Generate pcap files from raw packets

Resources

Stars

Watchers

Forks

Packages

No packages published