Wednesday, November 4, 2020

node_pcap: a high-level understanding

node_pcap is a set of bindings from libpcap to node, along with some useful libraries to decode, print, and analyze packets. libpcap is a packet capture library used by programs like tcpdump and Wireshark. node_pcap has been tested on OS X and Linux.


Why capture packets in JavaScript?

JavaScript makes writing event-based programs very natural. Each packet that is captured generates an event, and as higher level protocols are decoded, they might generate events as well. Writing code to handle these events is much easier and more readable with anonymous functions and closures.


node makes handling binary data in JavaScript fast and efficient with its Buffer class. Decoding packets involves a lot of binary slicing and dicing which can be awkward with JavaScript strings.


Writing servers that capture packets, process them somehow, and then serve the processed data up in some way is very straightforward in node.


Node has a very good HTTP parser that is used to progressively decode HTTP sessions.
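
As an added illustration of the Buffer slicing and per-layer events described above (this is not code from node_pcap or from the original post): the sketch below uses only Node's built-in Buffer and EventEmitter, and the `FrameDecoder` class, the `collectEvents` helper and the sample frame are constructed for this example. Length checks come before every read because captured frames can be truncated or malformed.

```javascript
const { EventEmitter } = require("events");

// Format helpers over Buffer views (subarray shares memory, no copy).
const mac = (b, o) => b.subarray(o, o + 6).toString("hex").match(/../g).join(":");
const ipv4 = (b, o) => Array.from(b.subarray(o, o + 4)).join(".");

class FrameDecoder extends EventEmitter {
  // Decodes one Ethernet frame and emits one event per layer decoded.
  decode(frame) {
    if (frame.length < 14) return this.emit("malformed", { layer: "ethernet" });
    const ethertype = frame.readUInt16BE(12);
    this.emit("ethernet", { dst: mac(frame, 0), src: mac(frame, 6), ethertype });
    if (ethertype !== 0x0800) return; // this sketch only follows IPv4

    const ip = frame.subarray(14);
    const ihl = ip.length > 0 ? (ip[0] & 0x0f) * 4 : 0; // header length in bytes
    const badIp = ihl < 20 || ip.length < ihl || (ip[0] >> 4) !== 4;
    if (badIp) return this.emit("malformed", { layer: "ipv4" });
    const protocol = ip[9];
    this.emit("ipv4", { src: ipv4(ip, 12), dst: ipv4(ip, 16), ttl: ip[8], protocol });
    if (protocol !== 6) return; // this sketch only follows TCP

    const tcp = ip.subarray(ihl);
    if (tcp.length < 20) return this.emit("malformed", { layer: "tcp" });
    this.emit("tcp", {
      sport: tcp.readUInt16BE(0), dport: tcp.readUInt16BE(2), seq: tcp.readUInt32BE(4),
      syn: (tcp[13] & 0x02) !== 0, ack: (tcp[13] & 0x10) !== 0,
    });
  }
}

// Constructed sample (checksums zeroed, not verified): TCP SYN 192.0.2.10:49152 -> 198.51.100.7:80.
const SAMPLE_FRAME = Buffer.from(
  "020000000002" + "020000000001" + "0800" +                      // Ethernet
  "4500002800014000" + "40060000" + "c000020a" + "c6336407" +     // IPv4
  "c0000050" + "00000001" + "00000000" + "5002ffff" + "00000000", // TCP
  "hex");

// Runs the decoder over one frame and returns the events emitted, in order.
function collectEvents(frame) {
  const decoder = new FrameDecoder();
  const seen = [];
  for (const event of ["ethernet", "ipv4", "tcp", "malformed"]) {
    decoder.on(event, (info) => seen.push({ event, ...info }));
  }
  decoder.decode(frame);
  return seen;
}
console.log(collectEvents(SAMPLE_FRAME));
```
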



References:

https://www.npmjs.com/package/pcap


