node-pcap-parser icon indicating copy to clipboard operation
node-pcap-parser copied to clipboard
verified publisher icon kunklejr

Any helper methods to parse the basics?

Open LiamKarlMitchell opened this issue 10 years ago • 1 comments

Frame, IP, TCP To get the source/destination and ports.

I guess I can write it if needed but thought it worth asking.

LiamKarlMitchell avatar Aug 22 '15 01:08 LiamKarlMitchell 

function parse_pcap_tcp(buffer) {
    if (buffer.length <= 0x35) {
        return null;
    }

    // Is it TCP Version 4?
    if (buffer.readUInt8(14) != 0x45) {
        return null;
    }

    // Read Source IP
    var sourceIP = buffer.readUInt8(0x1A).toString() + '.' +
        buffer.readUInt8(0x1B).toString() + '.' +
        buffer.readUInt8(0x1C).toString() + '.' +
        buffer.readUInt8(0x1D).toString();

    var destinationIP = buffer.readUInt8(0x1E).toString() + '.' +
        buffer.readUInt8(0x1F).toString() + '.' +
        buffer.readUInt8(0x20).toString() + '.' +
        buffer.readUInt8(0x21).toString();

    var sourcePort = buffer.readUInt16BE(0x22);
    var destinationPort = buffer.readUInt16BE(0x24);

    var data = buffer.slice(0x36);

    return {
        sourceIP: sourceIP,
        destinationIP: destinationIP,
        sourcePort: sourcePort,
        destinationPort: destinationPort,
        data: data
    }
}

LiamKarlMitchell avatar Aug 22 '15 02:08 LiamKarlMitchell