How to get data of a TCP packet?

Question

How to get data of a TCP packet?

AlllenShen opened this issue 6 years ago · 5 comments

I use example code in my project, but the data is all 0.

var datalen = ret.info.totallen - ret.hdrlen;
datalen -= ret.hdrlen;
console.log(buffer.toString('binary', ret.offset, ret.offset + datalen));

I don't know why datalen should minus hdrlen again.

And I can't understand what ret.offset actually means?Is that the start position of TCP/IP packet header? cause i logged the raw buffer, find it starts with nonzero.

Answer 1 · 2019-03-04T13:26:45.000Z

ret is an object containing information as a result of parsing the data starting at the given starting offset. In this object, the offset in which the parser ended on is returned as ret.offset.

Answer 2 · 2019-03-04T13:29:01.000Z

If you're not seeing expected data, then perhaps your filter needs to be tweaked/corrected or you have the wrong network device opened.

Answer 3 · 2019-03-04T13:36:44.000Z

It means data behind ret.offset is the TCP/IP packet data. So ret.offset to ret.offset + ret.hdrlen is the headers of a TCP packet. Is that right?

Answer 4 · 2019-03-04T14:34:09.000Z

ret.offset points to where the TCP data starts. Each protocol parser only parses what's necessary for that protocol. So in the case of TCP it just parses the header. ret.hdrlen is the length of the TCP header.

All of these questions can be answered by reading lib/Decoders.js. The code in there is pretty straightforward.

Answer 5 · 2019-03-04T14:41:41.000Z

Thank you so much. This is my first time to try node, so do not konw where to find the actually implementing code. I've read binding.cc but found decoder is not implemented here.