
Streaming PCAP file input

Open foxt opened this issue 2 years ago • 1 comments

Hello,

I was wondering if it was possible to use something like the offline capture but for streams instead of data that is already written to a file.

For example, if I want to packet capture a remote host I can do something such as

```sh
ssh [email protected] tcpdump -i eth0 -U -s0 -w - 'not port 22'
```

which will write the pcap data to stdout instead of a file, so that I can pipe it into something like `wireshark -k -i -` so that I can see the traffic on a remote machine in real time.

Is there any possibility that this could be done with this library?

foxt avatar Jul 10 '23 09:07 foxt

It seems like you can work around this by creating a FIFO

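```sh
mkfifo /Users/foxt/pcapfifo
ssh [email protected] tcpdump -i eth0 -U -s0 -w - 'not port 22' > /Users/foxt/pcapfifo
```

```js
const pcap = require("pcap")
// Open the FIFO as if it were a capture file; the path must match the one given to mkfifo
const pcapSession = pcap.createOfflineSession("/Users/foxt/pcapfifo")
```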

foxt avatar Jul 10 '23 09:07 foxt
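
The stream that `tcpdump -w -` writes in the issue above can also be parsed incrementally, without a FIFO. The following is an added example, not code from node_pcap or from the posts above: `PcapStreamParser`, `MAX_RECORD`, `sampleStream` and `parseChunked` are hypothetical names, the sample bytes are constructed, and only the classic pcap format is handled.

```javascript
// Added example (not node_pcap code): incremental parser for classic pcap, not pcapng.
const MAX_RECORD = 262144; // assumed cap on incl_len so a bad length cannot force unbounded buffering
class PcapStreamParser {
  constructor(onPacket) {
    this.onPacket = onPacket;
    this.buf = Buffer.alloc(0);
    this.le = null; // byte order is unknown until the 24-byte global header arrives
  }
  u32(off) { return this.le ? this.buf.readUInt32LE(off) : this.buf.readUInt32BE(off); }
  push(chunk) {
    this.buf = Buffer.concat([this.buf, chunk]);
    if (this.le === null) {
      if (this.buf.length < 24) return; // global header still incomplete
      const magic = this.buf.readUInt32LE(0);
      if (magic === 0xa1b2c3d4 || magic === 0xa1b23c4d) this.le = true;
      else if (magic === 0xd4c3b2a1 || magic === 0x4d3cb2a1) this.le = false;
      else throw new Error("not a classic pcap stream");
      this.linkType = this.u32(20);
      this.buf = this.buf.subarray(24);
    }
    while (this.buf.length >= 16) {
      const inclLen = this.u32(8);
      if (inclLen > MAX_RECORD) throw new Error("record length exceeds cap");
      if (this.buf.length < 16 + inclLen) return; // record split across chunks: wait for more
      const data = Buffer.from(this.buf.subarray(16, 16 + inclLen));
      this.onPacket({ tsSec: this.u32(0), origLen: this.u32(12), data });
      this.buf = this.buf.subarray(16 + inclLen);
    }
  }
}
// Constructed sample: little-endian header (link type 1, Ethernet) and two short records.
function sampleStream() {
  const hdr = Buffer.alloc(24);
  hdr.writeUInt32LE(0xa1b2c3d4, 0); hdr.writeUInt16LE(2, 4); hdr.writeUInt16LE(4, 6);
  hdr.writeUInt32LE(65535, 16); hdr.writeUInt32LE(1, 20);
  const rec = (sec, bytes) => {
    const h = Buffer.alloc(16);
    h.writeUInt32LE(sec, 0); h.writeUInt32LE(bytes.length, 8); h.writeUInt32LE(bytes.length, 12);
    return Buffer.concat([h, Buffer.from(bytes)]);
  };
  return Buffer.concat([hdr, rec(1, [0xde, 0xad]), rec(2, [1, 2, 3])]);
}
// Feed the stream in fixed-size chunks, as a pipe or socket would deliver it.
function parseChunked(stream, size) {
  const out = [];
  const parser = new PcapStreamParser((pkt) => out.push(pkt));
  for (let i = 0; i < stream.length; i += size) parser.push(stream.subarray(i, i + size));
  return out;
}
```

To use it on a live pipe, call `push` with each chunk from a `process.stdin` `data` handler. The length cap matters because the stream comes from another host, and an oversized `incl_len` would otherwise make the parser buffer indefinitely.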