kunklejr / node-pcap-parser

Packet capture (pcap) file parser written in pure javascript for Node.js
MIT License

Any helper methods to parse the basics? #6

Open LiamKarlMitchell opened 9 years ago

LiamKarlMitchell commented 9 years ago

Frame, IP, TCP: to get the source/destination and ports.

I guess I can write it if needed but thought it worth asking.

LiamKarlMitchell commented 9 years ago
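/**
 * Extract the IPv4 addresses, TCP ports and TCP payload from one captured
 * Ethernet II frame.
 *
 * Capture files are untrusted input, so every header length is validated
 * against the captured byte count before the fields that depend on it are
 * read. Anything that is not an unfragmented IPv4/TCP segment yields null
 * rather than values decoded from the wrong offsets.
 *
 * @param {Buffer} buffer - Raw packet bytes, starting at the Ethernet header.
 * @returns {?{sourceIP: string, destinationIP: string, sourcePort: number,
 *     destinationPort: number, data: Buffer}} Parsed fields, or null when the
 *     frame is too short, malformed, or not IPv4/TCP. `data` is a view onto
 *     `buffer` (shared memory), not a copy.
 */
function parse_pcap_tcp(buffer) {
    var ETHERNET_HEADER_LENGTH = 14;
    var MIN_IP_HEADER_LENGTH = 20;
    var MIN_TCP_HEADER_LENGTH = 20;
    var ETHERTYPE_IPV4 = 0x0800;
    var IP_PROTOCOL_TCP = 6;

    // Smallest parseable frame: Ethernet + IPv4 + TCP headers without options.
    if (buffer.length < ETHERNET_HEADER_LENGTH + MIN_IP_HEADER_LENGTH + MIN_TCP_HEADER_LENGTH) {
        return null;
    }

    // Without this check any frame whose 15th byte happens to look like an
    // IPv4 header would be decoded as one.
    if (buffer.readUInt16BE(12) !== ETHERTYPE_IPV4) {
        return null;
    }

    // High nibble is the IP version, low nibble the header length in 32-bit
    // words; the header is longer than 20 bytes when IP options are present.
    var versionAndIhl = buffer.readUInt8(ETHERNET_HEADER_LENGTH);
    if ((versionAndIhl >> 4) !== 4) {
        return null;
    }
    var ipHeaderLength = (versionAndIhl & 0x0f) * 4;
    if (ipHeaderLength < MIN_IP_HEADER_LENGTH) {
        return null;
    }

    // UDP, ICMP etc. carry different data where the TCP ports would be.
    if (buffer.readUInt8(ETHERNET_HEADER_LENGTH + 9) !== IP_PROTOCOL_TCP) {
        return null;
    }

    // Only the first fragment of a fragmented datagram contains a TCP header.
    if ((buffer.readUInt16BE(ETHERNET_HEADER_LENGTH + 6) & 0x1fff) !== 0) {
        return null;
    }

    var tcpStart = ETHERNET_HEADER_LENGTH + ipHeaderLength;
    if (buffer.length < tcpStart + MIN_TCP_HEADER_LENGTH) {
        return null;
    }

    // TCP data offset: header length in 32-bit words, above 5 when TCP
    // options (timestamps, SACK, ...) are present.
    var tcpHeaderLength = (buffer.readUInt8(tcpStart + 12) >> 4) * 4;
    if (tcpHeaderLength < MIN_TCP_HEADER_LENGTH) {
        return null;
    }

    var sourceIP = [
        buffer.readUInt8(ETHERNET_HEADER_LENGTH + 12),
        buffer.readUInt8(ETHERNET_HEADER_LENGTH + 13),
        buffer.readUInt8(ETHERNET_HEADER_LENGTH + 14),
        buffer.readUInt8(ETHERNET_HEADER_LENGTH + 15)
    ].join('.');

    var destinationIP = [
        buffer.readUInt8(ETHERNET_HEADER_LENGTH + 16),
        buffer.readUInt8(ETHERNET_HEADER_LENGTH + 17),
        buffer.readUInt8(ETHERNET_HEADER_LENGTH + 18),
        buffer.readUInt8(ETHERNET_HEADER_LENGTH + 19)
    ].join('.');

    var sourcePort = buffer.readUInt16BE(tcpStart);
    var destinationPort = buffer.readUInt16BE(tcpStart + 2);

    // Bound the payload by the IP total length so Ethernet padding on short
    // frames is not returned as data. A total length of 0 can appear in
    // captures taken with segmentation offload; fall back to the captured
    // length in that case.
    var payloadStart = tcpStart + tcpHeaderLength;
    var payloadEnd = buffer.length;
    var ipTotalLength = buffer.readUInt16BE(ETHERNET_HEADER_LENGTH + 2);
    if (ipTotalLength !== 0 && ETHERNET_HEADER_LENGTH + ipTotalLength < payloadEnd) {
        payloadEnd = ETHERNET_HEADER_LENGTH + ipTotalLength;
    }
    // Truncated capture or inconsistent lengths: report an empty payload.
    if (payloadEnd < payloadStart) {
        payloadEnd = payloadStart;
    }

    var data = buffer.slice(payloadStart, payloadEnd);

    return {
        sourceIP: sourceIP,
        destinationIP: destinationIP,
        sourcePort: sourcePort,
        destinationPort: destinationPort,
        data: data
    };
}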