README
pcap-generator
Generate PCAP files from packets
# npm install pcap-generator
Usage
pcap-generator can be used both in Node and in the browser. In Node.js it uses the native Buffer and in the browser you have to specify it by calling .configure
Note that it supports both miliseconds (timestamp is an integer) and microseconds (timestamp is a float).
Node.js
const generator = require('pcap-generator')
const fs = require('fs')
const ipPackets = [{
timestamp: Date.now(), // miliseconds
buffer: Buffer.from('4500002d000000000011d0970a0a0a0a0b0b0b0b450000210019ffff7b2268656c6c6f223a22776f726c64227d', 'hex')
}]
const pcapFile = generator(ipPackets)
fs.writeFileSync('test.pcap', pcapFile)
console.log('Open test.pcap in Wireshark')
Browser (in this example uses the buffer module)
import { Buffer } from 'buffer'
import { configure } from 'pcap-generator'
const generator = configure({ Buffer: Buffer })
const ipPackets = [{
timestamp: 1802869.484431046, // microseconds
buffer: Buffer.from('4500002d000000000011d0970a0a0a0a0b0b0b0b450000210019ffff7b2268656c6c6f223a22776f726c64227d', 'hex')
}]
const pcapFile = generator(ipPackets)
console.log('This here is your pcap file in hex:', pcapFile.toString('hex'))
API
(packets)
packets is an array of of objects similar to:
[{
timestamp: Date.now(),
buffer: somePacket
}]
Returns a buffer of the generated pcap file.
.configure(opts)
Returns a new instance of pcap-generator with the passed options.
- Buffer. Override the
Bufferused. Default: Buffer (in Node.js) or none (in the browser) - linkLayerType. The type of packets in the file. E.g.
101for raw IP packets, or1for Ethernet packets. See https://www.tcpdump.org/linktypes.html for more details Default: 101 (Raw IP packets) - majorVersion. Major version of pcap. Default: 2
- minorVersion. Minor version of pcap. Default: 4
- gmtOffset. The GMT offset in pcap. Default: 0
- timestampAccuracy. The accuracy of the timestamps. Default: 0
- snapshotLength. The snapshot length of the packets. Default: 65535