node-pcap-parser - Packet capture (pcap) file parser written in pure JavaScript for Node.js

pcap-parser emits five different events, only some of which you'll likely care about. Each event is emitted from the parser created with pcapp.parse. The pcapp.parse method can be passed a file path or a readable stream. pcap-parser only parses version 2.4 of the libpcap file format in big or little endian format. Please see http://wiki.wireshark.org/Development/LibpcapFileFormat for detailed documentation of the pcap file format.

https://github.com/kunklejr/node-pcap-parser

Related Projects

httpdump - Capture and parse http traffics

  •    Go

Parse and display HTTP traffic from a network device or pcap file. This is a Go version of the original pcap-parser; thanks to the gopacket project, this tool has a simpler code base and is more efficient. For the original Python implementation, refer to httpcap on PyPI.

Moloch - Large scale, full packet capturing, indexing, and database system

  •    Javascript

Moloch is an open source, large scale, full packet capturing, indexing, and database system. Moloch augments your current security infrastructure to store and index network traffic in standard PCAP format, providing fast, indexed access. An intuitive and simple web interface is provided for PCAP browsing, searching, and exporting.

PacketQ - A tool that provides a basic SQL-frontend to PCAP-files

  •    Javascript

packetq is a command line tool to run SQL queries directly on PCAP files. The results can be output as JSON (default), formatted/compact CSV and XML. It also contains a very simplistic web server for inspecting PCAP files remotely. PacketQ was previously known as DNS2db but was renamed in 2011 when it was rebuilt and could handle protocols other than DNS, among other things. More information is provided in our FAQ, functions, and fields documentation.

netsniff-ng - The packet sniffing beast

  •    C

netsniff-ng is a free Linux networking toolkit, a Swiss army knife for your daily Linux network plumbing if you will. Its gain of performance is reached by zero-copy mechanisms, so that on packet reception and transmission the kernel does not need to copy packets from kernel space to user space and vice versa.

tcpreplay - Pcap editing and replay tools for *NIX and Windows - Users please download source from

  •    C

Tcpreplay is a suite of GPLv3 licensed utilities for UNIX (and Win32 under Cygwin) operating systems for editing and replaying network traffic which was previously captured by tools like tcpdump and Ethereal/Wireshark. It allows you to classify traffic as client or server, rewrite Layer 2, 3 and 4 packets and finally replay the traffic back onto the network and through other devices such as switches, routers, firewalls, NIDS and IPS's. Tcpreplay supports both single and dual NIC modes for testing both sniffing and in-line devices. Tcpreplay is used by numerous firewall, IDS, IPS, NetFlow and other networking vendors, enterprises, universities, labs and open source projects. If your organization uses Tcpreplay, please let us know who you are and what you use it for so that I can continue to add features which are useful.


pcapsplit

  •    C

pcapsplit is able to split pcap files into several smaller pieces. This split can be performed by several different features. E.g. it is able to split a pcap file into smaller pcap files according to the desired file size or type of traffic.

posthtml - PostHTML is a tool to transform HTML/XML with JS plugins

  •    Javascript

PostHTML is a tool for transforming HTML/XML with JS plugins. PostHTML itself is very small. It includes only a HTML parser, a HTML node tree API and a node tree stringifier. All HTML transformations are made by plugins. And these plugins are just small plain JS functions, which receive a HTML node tree, transform it, and return a modified tree.

xml-stream - XML stream parser based on Expat. Made for Node.

  •    Javascript

XmlStream is a Node.js XML stream parser and editor, based on node-expat (libexpat SAX-like parser binding). When working with large XML files, it is probably a bad idea to use an XML to JavaScript object converter, or simply buffer the whole document in memory. Then again, a typical SAX parser might be too low-level for some tasks (and often a real pain).

SIPDump

SIPDump is a packet capture tool for writing SIP calls to pcap files. It listens on a specified interface for any new SIP calls and writes them to disk.

PCAPMerger / PmLib

PCAPMerger is a console application written in C# that merges multiple PCAP files into one file sorted by timestamp; it benefits from the separate PmLib library.

SIM PCAP Tool

A framework for requesting packet traces via a SIMs context tool menu. It uses Perl as a wrapper for ssh and scp to access a PCAP datastore on a remote sensor. The remote sensor is a hardened server running a packet logger (snort/tcpdump/dumpcap).

NetDash

  •    PHP

Network Intrusion Detection and Full Packet Capture System

sngrep - Ncurses SIP Messages flow viewer

  •    C

sngrep is a tool for displaying SIP calls message flows from terminal. It supports live capture to display realtime SIP packets and can also be used as PCAP viewer.

net-creds - Sniffs sensitive data from interface or pcap

  •    Python

Thoroughly sniff passwords and hashes from an interface or pcap file. Concatenates fragmented packets and does not rely on ports for service identification.

PcapXray - A Network Forensics Tool - To visualize a Packet Capture offline as a Network Diagram including device identification, highlight important communication and file extraction

  •    Python

Given a Pcap File, plot a network diagram displaying hosts in the network, network traffic, highlight important traffic and Tor traffic as well as potential malicious traffic including data involved in the communication.

scapy - Scapy: the Python-based interactive packet manipulation program & library

  •    Python

Scapy is a powerful Python-based interactive packet manipulation program and library. It is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, store or read them using pcap files, match requests and replies, and much more. It is designed to allow fast packet prototyping by using default values that work.

parse5 - HTML parsing/serialization toolset for Node

  •    Javascript

HTML parsing/serialization toolset for Node.js. WHATWG HTML Living Standard (aka HTML5)-compliant. parse5 provides nearly everything you may need when dealing with HTML. It's the fastest spec-compliant HTML parser for Node to date. It parses HTML the way the latest version of your browser does. It has proven itself reliable in such projects as jsdom, Angular2, Polymer and many more.

node-htmlparser - Forgiving HTML/XML/RSS Parser in JS for *both* Node and Browsers

  •    Javascript

A forgiving HTML/XML/RSS parser written in JS for both the browser and NodeJS (yes, despite the name it works just fine in any modern browser). The parser can handle streams (chunked data) and supports custom handlers for writing custom DOMs/output.

nomnom - [UNMAINTAINED] Option parser for node with generated usage and commands

  •    Javascript

nomnom is an option parser for node. It noms your args and gives them back to you in a hash. Nomnom supports args like -d, --debug, --no-debug, --file=test.txt, --file test.txt, -f test.txt, -xvf, and positionals. Positionals are arguments that don't fit the -a or --atomic format and aren't attached to an option.