node-pcap / node_pcap

libpcap bindings for node
MIT License

Streaming PCAP file input #297

Open foxt opened 12 months ago

foxt commented 12 months ago

Hello,

I was wondering if it was possible to use something like the offline capture but for streams instead of data that is already written to a file.

For example, if I want to packet capture a remote host I can do something such as

 ssh root@10.0.0.0 tcpdump -i eth0 -U -s0 -w - 'not port 22'

which will write the pcap data to stdout instead of a file, so that I can pipe it into something like wireshark -k -i - so that I can see the traffic on a remote machine in real time.

Is there any possibility that this could be done with this library?

foxt commented 12 months ago

It seems like you can work around this by creating a FIFO

 mkfifo /Users/foxt/pcapfifo
 ssh root@10.0.0.0 tcpdump -i eth0 -U -s0 -w - 'not port 22' > /Users/foxt/pcapfifo

 const pcap = require("pcap");
 // Open the FIFO created above as if it were a pcap file
 const pcapSession = pcap.createOfflineSession("/Users/foxt/pcapfifo");
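
An added illustration, not part of the thread and not node_pcap code: a sketch of parsing classic pcap data incrementally, chunk by chunk, as it would arrive from the `tcpdump -w -` output above. `PcapStreamParser` and `sampleCapture` are hypothetical names, the sample bytes are constructed, and pcapng is not handled.

```javascript
// Incremental parser for classic pcap: 24-byte global header, then 16-byte record headers + data.
class PcapStreamParser {
  constructor() {
    this.buf = Buffer.alloc(0);
    this.header = null; // set once the global header has arrived
  }
  // Feed one chunk of the stream; returns the packets it completed.
  feed(chunk) {
    this.buf = Buffer.concat([this.buf, chunk]);
    const packets = [];
    if (!this.header) {
      if (this.buf.length < 24) return packets; // header still incomplete
      const magic = this.buf.readUInt32LE(0);
      const le = magic === 0xa1b2c3d4 || magic === 0xa1b23c4d;
      const be = magic === 0xd4c3b2a1 || magic === 0x4d3cb2a1;
      if (!le && !be) throw new Error("not a pcap stream");
      this.u32 = (o) => (le ? this.buf.readUInt32LE(o) : this.buf.readUInt32BE(o));
      this.header = { snaplen: this.u32(16), linkType: this.u32(20) };
      this.buf = this.buf.subarray(24);
    }
    while (this.buf.length >= 16) {
      const inclLen = this.u32(8);
      // Reject oversized records so a corrupt stream cannot force unbounded buffering.
      if (inclLen > this.header.snaplen) throw new Error("record exceeds snaplen");
      if (this.buf.length < 16 + inclLen) break; // record split across chunks
      const data = Buffer.from(this.buf.subarray(16, 16 + inclLen));
      packets.push({ tsSec: this.u32(0), origLen: this.u32(12), data });
      this.buf = this.buf.subarray(16 + inclLen);
    }
    return packets;
  }
}

// Constructed sample: little-endian header (snaplen 65535, link type 1) plus one record per payload.
function sampleCapture(payloads) {
  const g = Buffer.alloc(24);
  g.writeUInt32LE(0xa1b2c3d4, 0);
  g.writeUInt16LE(2, 4); g.writeUInt16LE(4, 6); // format version 2.4
  g.writeUInt32LE(65535, 16);
  g.writeUInt32LE(1, 20);
  const recs = payloads.map((p, i) => {
    const h = Buffer.alloc(16);
    h.writeUInt32LE(i + 1, 0); // ts_sec
    h.writeUInt32LE(p.length, 8); // incl_len
    h.writeUInt32LE(p.length, 12); // orig_len
    return Buffer.concat([h, p]);
  });
  return Buffer.concat([g, ...recs]);
}
```

To consume a live stream, call `feed()` from a `process.stdin` `"data"` handler and treat a thrown error as a reason to stop reading rather than to resynchronise.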