OH3VCI OH3VCI - 3 months ago 30
Node.js Question

How to get data from pcap in node.js

I want to get data of pcap like frame number, frame time, ip and so on in node.js. However, I couldn't find any module I wanted. So, I tried to use tshark. But the result values was cut. Then, how I get perfect result?

Below are some details I tried.




var spawn = require('child_process').spawn;
var fs = require('fs');

var args = [
'-Tfields',
'-e', 'frame.number',
'-e', 'frame.time',
'-e', 'ip.src',
'-e', 'ip.dst',
'-e', 'ip.proto',
'-e', 'tcp.srcport',
'-e', 'tcp.dstport',
'-e', 'udp.srcport',
'-e', 'udp.srcport',
'-e', 'udp.dstport',
'-e', 'ip.len',
'-E', 'header=y',
'-r', 'smallFlows.pcap'
];

var cmd = spawn('tshark', args, {
cwd: 'C:\\Program Files\\Wireshark\\'
});

cmd.stdout.on('data', function(data) {
console.log('done!');
fs.writeFile('result.txt', data, function(err) {
if(err) throw err;
console.log('It\'s saved!');
});
});

cmd.stderr.on('data', function(data) {
});

cmd.on('exit', function(code) {
console.log('child process exited with code ' + code);
});


result



enter image description here

Answer

You cannot assume anything about the size of data chunks passed to data event handlers. It could be one byte or it could be the entire output from the child process.

If you're just wanting to write the output to a file, you can just pipe it:

var cmd = spawn('tshark', args, {
  cwd: 'C:\\Program Files\\Wireshark\\'
});
cmd.stdout.pipe(fs.createWriteStream('result.txt')).on('finish', function() {
  console.log('File completely written');
});