Hi,
I've installed the node "node-red-contrib-pcap" succesfully. I could filter the incoming packets, however, I need to convert it to JSON. Find the flow below:
[{"id":"268be8ad.9ee5b","type":"tab","label":"Flow 1","disabled":false,"info":""},{"id":"f4fb43b8.f9d7d","type":"pcap","z":"268be8ad.9ee5b","name":"","ifname":"enp0s3","output":"string","filter":"ip dst host 84.88.40.59","path":"","x":300,"y":280,"wires":[["a6262dcc.3d2638"]]},{"id":"beedb5c9.d2ada","type":"debug","z":"268be8ad.9ee5b","name":"","active":true,"tosidebar":true,"console":false,"tostatus":false,"complete":"false","statusVal":"","statusType":"auto","x":770,"y":260,"wires":[]},{"id":"a6262dcc.3d2638","type":"json","z":"268be8ad.9ee5b","name":"","property":"payload","action":"","pretty":false,"x":500,"y":340,"wires":[["beedb5c9.d2ada"]]}]
The output without the JSON node is:
"LINKTYPE_ETHERNET 08:00:27:ce:a0:de -> 80:78:71:43:57:7a IPv4 192.168.1.55 -> 84.88.40.59 flags [d] UDP UDP 445->445 len 107"
I get the following error with that flow:
"Unexpected token L in JSON at position 0"
This is what I expect:
"_index": "packets-2020-11-05",
"_type": "pcap_file",
"_score": null,
"_source": {
"layers": {
"frame": {
"frame.encap_type": "1",
"frame.time": "Nov 5, 2020 13:39:21.359169000 CET",
"frame.offset_shift": "0.000000000",
"frame.time_epoch": "1604579961.359169000",
"frame.time_delta": "0.320612000",
"frame.time_delta_displayed": "0.320612000",
"frame.time_relative": "4735.199410000",
"frame.number": "25766",
"frame.len": "141",
"frame.cap_len": "141",
"frame.marked": "0",
"frame.ignored": "0",
"frame.protocols": "eth:ethertype:ip:udp:data"
},
"eth": {
"eth.dst": "80:78:71:43:57:7a",
"eth.dst_tree": {
"eth.dst_resolved": "AskeyCom_43:57:7a",
"eth.addr": "80:78:71:43:57:7a",
"eth.addr_resolved": "AskeyCom_43:57:7a",
"eth.lg": "0",
"eth.ig": "0"
},
"eth.src": "08:00:27:ce:a0:de",
"eth.src_tree": {
"eth.src_resolved": "PcsCompu_ce:a0:de",
"eth.addr": "08:00:27:ce:a0:de",
"eth.addr_resolved": "PcsCompu_ce:a0:de",
"eth.lg": "0",
"eth.ig": "0"
},
"eth.type": "0x00000800"
},
"ip": {
"ip.version": "4",
"ip.hdr_len": "20",
"ip.dsfield": "0x00000000",
"ip.dsfield_tree": {
"ip.dsfield.dscp": "0",
"ip.dsfield.ecn": "0"
},
"ip.len": "127",
"ip.id": "0x00008809",
"ip.flags": "0x00004000",
"ip.flags_tree": {
"ip.flags.rb": "0",
"ip.flags.df": "1",
"ip.flags.mf": "0",
"ip.frag_offset": "0"
},
"ip.ttl": "64",
"ip.proto": "17",
"ip.checksum": "0x000073f2",
"ip.checksum.status": "2",
"ip.src": "192.168.1.55",
"ip.addr": "192.168.1.55",
"ip.src_host": "192.168.1.55",
"ip.host": "192.168.1.55",
"ip.dst": "84.88.40.59",
"ip.addr": "84.88.40.59",
"ip.dst_host": "84.88.40.59",
"ip.host": "84.88.40.59"
},
"udp": {
"udp.srcport": "445",
"udp.dstport": "445",
"udp.port": "445",
"udp.port": "445",
"udp.length": "107",
"udp.checksum": "0x00003eef",
"udp.checksum.status": "2",
"udp.stream": "26"
},
"data": {
"data.data": "ff:ff:ff:ff:ff:ff:08:00:27:ce:a0:de:89:47:11:00:1a:01:20:50:00:80:00:2d:01:00:00:00:08:00:27:ce:a0:de:a7:84:11:99:19:54:08:fa:ce:45:20:f1:01:f0:07:cc:00:00:00:00:07:d1:00:00:02:02:00:00:00:e0:85:96:00:59:ca:5f:a7:4d:92:b3:9b:00:00:00:00:00:30:d4:1e:00:e1:1f:c0:fa:7e:bf:e9:ed:07:37:fe:eb:ff:f6:00",
"data.len": "99"
}
}
}
}
How can I convert that packet to a JSON format?
