Comments (15)
Can you also show the code you're using that uses this function?
from cap.
var Cap = require('cap').Cap,
    decoders = require('cap').decoders,
    PROTOCOL = decoders.PROTOCOL,
    c = new Cap(),
    device = '\\Device\\NPF_{B72765D8-CD73-45E0-8723-BD121163DC18}',
    filter = 'arp',
    bufSize = 10 * 1024 * 1024,
    buffer = Buffer.alloc(65535); // zero-filled; new Buffer(size) is deprecated
console.log("buffer");
c.on('packet', function(nbytes, trunc) {
  console.log('packet: length ' + nbytes + ' bytes, truncated? '
              + (trunc ? 'yes\r\n' : 'no\r\n'));
  // c.open() is called inside the 'packet' handler here, as originally posted
  var linkType = c.open(device, filter, bufSize, buffer);
  if (linkType === 'ETHERNET') {
    console.log('Decoding ARP ...');
    var ret = decoders.Ethernet(buffer);
    if (ret.info.type === PROTOCOL.ETHERNET.ARP) {
      console.log('Decoding ARP ...');
      ret = decoders.ARP(buffer, ret.offset);
      console.log("sender mac address:", ret.info.hardwareAddr);
      console.log("sender Ip Address:", ret.info.senderIp);
    }
  }
});
from cap.
Your c.open() is in the wrong place. You won't get any packet events until you c.open() first, so place that outside of your packet event handler.
from cap.
Yeah... I got it, thanks. Is there any filter in the cap module to filter a certain "mac address"? Can you add my code to your decoders source code so that it will be helpful to everyone? They will directly get ARP packets instead of going for some other modules.
from cap.
As far as the filter syntax goes, it's the same syntax that tcpdump uses. So to look for a particular mac address you should be able to use something like 'ether host aa:bb:cc:dd:ee:ff'.
from cap.
Actually, I am now able to see ARP packets. I saw in Wireshark that it consists of both ethernet-2 and 802.3 packets. But using the cap module I am sniffing only ethernet-2 packets. Is there any way to sniff 802.3 packets also?
from cap.
You'd have to decode the packet differently. 802.3 is fairly similar to ethernet-2 though, so you could re-use some code. See this SO answer for details.
from cap.
Are you seeing packet events for the 802.3-encapsulated packets? As far as I know the 'arp' filter should emit packets for both types, with the difference being in the decoding of the packets as I previously noted (e.g. if the type/len field is >= 1536, it's Ethernet II). The current ethernet decoder only performs simple type/length field checking and does not handle SNAP or other fields for non-Ethernet II encapsulation.
from cap.
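The type/length rule from the comment above, carried one step further into the 802.2 LLC/SNAP header that the current decoder is said not to handle. This is an added example, not code from the thread or from cap; `classifyFrame`, `isArp` and the return shape are assumptions made for illustration.

```javascript
// Added example: classifyFrame/isArp are illustrative names, not cap's API.
const ETHERTYPE_ARP = 0x0806;

function classifyFrame(b) {
  // 6 bytes dst MAC + 6 bytes src MAC + 2 bytes type/length
  if (b.length < 14) return { encap: 'TRUNCATED' };
  const typeLen = b.readUInt16BE(12);
  if (typeLen >= 1536) {
    // Ethernet II: the field is an EtherType, payload follows directly.
    return { encap: 'ETHERNET_II', etherType: typeLen, offset: 14 };
  }
  if (typeLen > 1500) return { encap: 'INVALID' }; // 1501..1535 is undefined
  // IEEE 802.3: the field is a length and an 802.2 LLC header follows.
  if (b.length < 17) return { encap: 'TRUNCATED' };
  const dsap = b[14], ssap = b[15], ctrl = b[16];
  if (dsap === 0xaa && ssap === 0xaa && ctrl === 0x03) {
    // SNAP: 3-byte OUI, then a 2-byte protocol id (an EtherType when OUI is 0).
    if (b.length < 22) return { encap: 'TRUNCATED' };
    return {
      encap: '802.3_SNAP',
      oui: b.readUIntBE(17, 3),
      etherType: b.readUInt16BE(20),
      offset: 22,
    };
  }
  // Plain LLC (for example spanning tree): no EtherType to dispatch on.
  return { encap: '802.3_LLC', dsap, ssap, offset: 17 };
}

function isArp(b) {
  const f = classifyFrame(b);
  return f.etherType === ETHERTYPE_ARP &&
         (f.encap === 'ETHERNET_II' || f.oui === 0);
}
```

The returned `offset` is where the ARP payload starts for either encapsulation, so the same ARP decoder can be used after both.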
No, I am not getting 802.3 packets in any format.
from cap.
So now what shall I add to typelen in the ethernet code to decode the packets?
from cap.
What does "linkType" do in the function code? Actually I have removed the ethernet part in decoders and I have added IEEE8023, but when I try to print linkType it is still printing ETHERNET. So I am not understanding where I have to change ETHERNET to IEEE8023.
from cap.
Do you have a reliable way of duplicating these packets that I can use?
from cap.
Since I am generating packets with a local board, I can't share the packets. If you want, we can have a WebEx meeting.
from cap.
@mscdex I am wondering whether or not you progressed on this one. As I need an ARP decoder for my project I have rolled my own decoding function based on the snippet @dheerajreddy1 posted. My implementation is not perfect as it might not cover all cases, but it is comparable to what node-pcap has. If you like my proposal I am happy to create a pull request.
exports.ARP = function(b, offset) {
  offset || (offset = 0);
  var i; // loop counter declared locally instead of leaking as a global
  var ret = {
    info: {
      hardwareaddr: undefined, // hardware type (htype)
      protocol: undefined,     // protocol type (ptype)
      hdrlen: undefined,       // hardware address length
      protlen: undefined,      // protocol address length
      opcode: undefined,
      sendermac: '',
      senderip: '',
      targetmac: '',
      targetip: ''
    },
    offset: undefined
  };
  // Reads are bounds-checked (noAssert dropped); lengths are unsigned bytes
  ret.info.hardwareaddr = b.readUInt16BE(offset);
  offset += 2;
  ret.info.protocol = b.readUInt16BE(offset);
  offset += 2;
  ret.info.hdrlen = b.readUInt8(offset);
  offset += 1;
  ret.info.protlen = b.readUInt8(offset);
  offset += 1;
  ret.info.opcode = b.readUInt16BE(offset);
  offset += 2;
  // Only the Ethernet/IPv4 layout (6-byte MAC, 4-byte IP) is decoded
  if (ret.info.hdrlen == 6 && ret.info.protlen == 4) {
    for (i = 0; i < 6; ++i) {
      ret.info.sendermac += ('00' + b[offset++].toString(16)).substr(-2);
      if (i < 5)
        ret.info.sendermac += ':';
    }
    for (i = 0; i < 4; ++i) {
      ret.info.senderip += b[offset++].toString(10);
      if (i < 3)
        ret.info.senderip += '.';
    }
    for (i = 0; i < 6; ++i) {
      ret.info.targetmac += ('00' + b[offset++].toString(16)).substr(-2);
      if (i < 5)
        ret.info.targetmac += ':';
    }
    for (i = 0; i < 4; ++i) {
      ret.info.targetip += b[offset++].toString(10);
      if (i < 3)
        ret.info.targetip += '.';
    }
  }
  ret.offset = offset;
  return ret;
};
from cap.
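The decoder posted above indexes the buffer directly, so a truncated ARP payload makes `b[offset++]` undefined and the `.toString()` call throws inside the capture process. A bounds-checked variant is sketched here as an added example, not code from the thread or from cap; `parseArp`, its return shape and the sample packet are assumptions constructed for illustration.

```javascript
// Added example: parseArp and its field names are illustrative, not cap's API.
const ARP_FIXED_LEN = 8; // htype(2) ptype(2) hlen(1) plen(1) opcode(2)

const toHex = (buf) =>
  Array.from(buf, (x) => x.toString(16).padStart(2, '0')).join(':');

function parseArp(b, offset = 0) {
  // Refuse to read the fixed header unless all 8 bytes are present.
  if (!Buffer.isBuffer(b) || !Number.isInteger(offset) || offset < 0 ||
      b.length - offset < ARP_FIXED_LEN) return null;
  const info = {
    htype: b.readUInt16BE(offset),
    ptype: b.readUInt16BE(offset + 2),
    hlen: b.readUInt8(offset + 4),
    plen: b.readUInt8(offset + 5),
    opcode: b.readUInt16BE(offset + 6),
  };
  // hlen/plen come from the wire: check them against the buffer length
  // before touching the address fields.
  const end = offset + ARP_FIXED_LEN + 2 * (info.hlen + info.plen);
  if (end > b.length) return null;

  let p = offset + ARP_FIXED_LEN;
  const take = (n) => { const s = b.subarray(p, p + n); p += n; return s; };
  // Dotted quad only for IPv4 (ptype 0x0800, plen 4); hex otherwise.
  const proto = (s) =>
    info.ptype === 0x0800 && info.plen === 4 ? Array.from(s).join('.') : toHex(s);

  info.sendermac = toHex(take(info.hlen));
  info.senderip = proto(take(info.plen));
  info.targetmac = toHex(take(info.hlen));
  info.targetip = proto(take(info.plen));
  return { info, offset: end };
}

// Constructed sample: ARP request from 00:11:22:33:44:55 / 192.168.1.10
// asking for 192.168.1.1.
const SAMPLE_ARP = Buffer.from(
  '0001080006040001' + '001122334455' + 'c0a8010a' +
  '000000000000' + 'c0a80101', 'hex');
```

`parseArp` returns `null` for short or inconsistent input instead of throwing, so the caller can count and drop malformed frames.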
@mwittig If you have a working decoder, feel free to open a PR.
from cap.