I have a ~500 GB pcap.gz file that I would like to read using Node.js. I tried using Wireshark to export this file as JSON; however, it took about an hour and resulted in a 47 GB file (far too large to be practical). I eventually hunted down a node module that can be found here that should be able to read pcap files. Then I used 7zip to extract the pcap file (resulting in a file a little over 2 gigabytes) and tried to run this code:
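    var pcapp = require('pcap-parser');
    // Open the extracted capture and get an event emitter for its packets
    var parser = pcapp.parse('C:/Users/.../data.pcap');
    // Log every packet the parser emits
    parser.on('packet', function(packet) {
        console.log(packet);
    });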
and got the following error code:

    events.js:182
    throw er; // Unhandled 'error' event
    ^
    Error: unknown magic number: 0a0d0d0a
What would be ideal for me would be a Node.js script that could parse pcap.gz files such that I would not have to go through any intermediary application such as Wireshark or 7zip.
Here is a download link for the file: download
Any help is greatly appreciated.
I tested the NPM pcap parser on some pcap files I made myself with Wireshark and it works fine with both .pcap and .pcap.gz. However, the pcap file in question was apparently not a pcap file but rather a pcap-ng file, as demonstrated in this question. The solution was then to load my pcap-ng file in Wireshark and save it with the tcpdump library. After having done this, the NPM pcap parser parsed the file just fine. I realize this is not a perfect solution, as I still have to go through Wireshark, but it is a start.