OH3VCI OH3VCI - 1 year ago 193
Node.js Question

How to get data from pcap in node.js

I want to get data of pcap like frame number, frame time, ip and so on in node.js. However, I couldn't find any module I wanted. So, I tried to use tshark. But the result values was cut. Then, how I get perfect result?

Below are some details I tried.

var spawn = require('child_process').spawn;
var fs = require('fs');

var args = [
'-e', 'frame.number',
'-e', 'frame.time',
'-e', 'ip.src',
'-e', 'ip.dst',
'-e', 'ip.proto',
'-e', 'tcp.srcport',
'-e', 'tcp.dstport',
'-e', 'udp.srcport',
'-e', 'udp.srcport',
'-e', 'udp.dstport',
'-e', 'ip.len',
'-E', 'header=y',
'-r', 'smallFlows.pcap'

var cmd = spawn('tshark', args, {
cwd: 'C:\\Program Files\\Wireshark\\'

cmd.stdout.on('data', function(data) {
fs.writeFile('result.txt', data, function(err) {
if(err) throw err;
console.log('It\'s saved!');

cmd.stderr.on('data', function(data) {

cmd.on('exit', function(code) {
console.log('child process exited with code ' + code);


enter image description here

Answer Source

You cannot assume anything about the size of data chunks passed to data event handlers. It could be one byte or it could be the entire output from the child process.

If you're just wanting to write the output to a file, you can just pipe it:

var cmd = spawn('tshark', args, {
  cwd: 'C:\\Program Files\\Wireshark\\'
cmd.stdout.pipe(fs.createWriteStream('result.txt')).on('finish', function() {
  console.log('File completely written');
Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download