Network packet capture node: node-red-contrib-pcap

[Nicholas Humfrey]

Apologies, I no longer to subscribe to this group by email because I don't get through the volumes of email anymore.

Hello,

I have published a network packet capture node to npm, that uses libpcap to inject ethernet packets into Node-RED:

http://flows.nodered.org/node/node-red-contrib-pcap

I originally wrote this Node-RED node in order to receive notifications when I press my Amazon Dash wifi button. These buttons, intended for ordering things from Amazon, send out ARP and DHCP packets to the whole network when they are pressed. Using this node, I can receive notifications when the button is pressed.

The same approach could be used for network monitoring or keeping track of devices appearing on the network.

Be careful not to create a packet loop!

nick.

[Ben Hardill]

And make sure your filter is right before deploying.

You could very easily flood Node-RED with huge numbers of messages if your pcap filter matches too many packets.

[Walter Kraembring]

And to further safeguard...before take a copy of your flows_raspberrypi.json BEFORE deploying since if you are unlucky (as mentioned by Ben) you will have no possibility to change your configuration once the flooding started. All this happened to me... Having a copy of the configuration therefore was nice; just kill node-red process and use the copy of the previous working configuration, start node-red again

[Julian Knight]

Yes, that is really mandatory for all changes to NR flows! Thankfully, you get the backup file anyway so you are OK as long as you didn't publish more than one change.

We could really do with an option in NR to allow keeping of any number of backup versions. As a work around, it is sensible to keep a watch on the flows file or the backup and to make further copies as appropriate. You could do that from within NR itself of course! Hopefully I'll be able to add a file copy node to my node-red-contrib-fs set.

You should also set up a scheduled script to back up the settings, package.json (if using one), flows and cred files to another machine regularly.

I also take a full copy of my Node-Red project folder (I run NR in embedded mode so it is installed locally) before doing any major upgrades. If you don't do that, you should make sure you know what module and NR versions you have installed before doing an upgrade.

[Nicholas Humfrey]

Whoops!

Maybe I should add a warning to the edit dialog, particularly if no filter string has been entered.

nick.

[Jon Maddison]

Hi Nick,  

I hope it's ok to add to this post.  I'm trying to use your node for the same purpose - the detect an Amazon Dash button press.  I can't see the node in my Node-RED palette.

On my Raspberry Pi Zero, I believe I've run the commands correctly as per http://flows.nodered.org/node/node-red-contrib-pcap

apt-get install libpcap-dev

npm install node-red-contrib-pcap

The first command just gave a one line response (I tried it as above, then again as sudo):

pi@raspberrypi:~ $ sudo apt-get install libpcap-dev

Reading package lists... Done

The npm command gave a compilation error when run as above, without sudo, then I tried again as sudo as it gave a couple of warnings but seemed to work.

My problem is that the node is not appearing in my palette on the left hand side.

Any help welcome,

Many thanks,

Jon

[Colin Law]

On 20 September 2016 at 08:52, Jon Maddison <jonm...@gmail.com> wrote:
> Hi Nick,
>
> I hope it's ok to add to this post. I'm trying to use your node for the
> same purpose - the detect an Amazon Dash button press. I can't see the node
> in my Node-RED palette.
>
> On my Raspberry Pi Zero, I believe I've run the commands correctly as per
> http://flows.nodered.org/node/node-red-contrib-pcap
>
> apt-get install libpcap-dev
>
> npm install node-red-contrib-pcap
>
>
> The first command just gave a one line response (I tried it as above, then
> again as sudo):
>
> pi@raspberrypi:~ $ sudo apt-get install libpcap-dev
> Reading package lists... Done

If that is all it did then it has not worked. The 'Done' refers to
reading the package list. It should have told you it was installing
it. Did it return to the command line prompt after saying ... Done?
Perhaps you did not wait long enough. Try that command again.

Colin

> --
> http://nodered.org
>
> Join us on Slack to continue the conversation: http://nodered.org/slack
> ---
> You received this message because you are subscribed to the Google Groups
> "Node-RED" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to node-red+u...@googlegroups.com.
> To post to this group, send email to node...@googlegroups.com.
> Visit this group at https://groups.google.com/group/node-red.
> For more options, visit https://groups.google.com/d/optout.

[Jon Maddison]

Hi Colin,

Thanks for your reply.  It just returned to the command prompt.  I didn't interrupt it with Ctrl-C or anything.  Could it be that it was already installed (in which case, it would have been by default)?  I'd be surprised if that were the case.  I certainly don't recall installing it before on that Pi.  And in any case I'd expect more on the console output if it was already installed.

Thanks,

Jon

[Colin Law]

On 20 September 2016 at 09:12, Jon Maddison <jonm...@gmail.com> wrote:
> Hi Colin,
>
> Thanks for your reply. It just returned to the command prompt. I didn't
> interrupt it with Ctrl-C or anything. Could it be that it was already
> installed (in which case, it would have been by default)? I'd be surprised
> if that were the case. I certainly don't recall installing it before on
> that Pi. And in any case I'd expect more on the console output if it was
> already installed.

If it had already been installed it would have told you. Try the
install again and if it still does not do anything then tell us what
is shown by
apt-cache policy libpcap-dev

Copy/paste the result here. In case you don't know, in the terminal
Ctrl+Alt+C copies to the clipboard.

Colin

>
> Thanks,
> Jon
>
>>
>> If that is all it did then it has not worked. The 'Done' refers to
>> reading the package list. It should have told you it was installing
>> it. Did it return to the command line prompt after saying ... Done?
>> Perhaps you did not wait long enough. Try that command again.
>>
>> Colin
>>

[Jon Maddison]

Thanks very much, I'll try that tonight (the Pi is at home).

[Jon Maddison]

So I typed the command again and it sits like this for a number of minutes

pi@raspberrypi:~ $ sudo apt-get install libpcap-dev

Reading package lists... Done

pi@raspberrypi:~ $  tree... 0%

I press Enter, and the 0% line disappears:

pi@raspberrypi:~ $ sudo apt-get install libpcap-dev

Reading package lists... Done

pi@raspberrypi:~ $ 

pi@raspberrypi:~ $ 

pi@raspberrypi:~ $ apt-cache policy libpcap-dev 

libpcap-dev:

  Installed: (none)

  Candidate: 1.6.2-2

  Version table:

     1.6.2-2 0

        500 http://mirrordirector.raspbian.org/raspbian/ jessie/main armhf Packages

pi@raspberrypi:~ $ 

Looks like trouble downloading.

Thanks,

Jon

[Jon Maddison]

Hi, 

Any ideas how to get over this error to get libpcap-dev installed are greatly appreciated, so at to get this node to appear in my palette.

Thanks,

Jon

[Colin Law]

On 23 September 2016 at 16:50, Jon Maddison <jonm...@gmail.com> wrote:
> Hi,
>
> Any ideas how to get over this error to get libpcap-dev installed are
> greatly appreciated, so at to get this node to appear in my palette.

I would start by doing a full update of the pi
sudo apt update && sudo apt full-upgrade
then try the install again. Obviously if you have any errors doing
the update then come back.

Colin

>
> Thanks,
> Jon
>
> On Tuesday, 20 September 2016 21:13:54 UTC+1, Jon Maddison wrote:
>>
>> So I typed the command again and it sits like this for a number of minutes
>>
>> pi@raspberrypi:~ $ sudo apt-get install libpcap-dev
>>
>> Reading package lists... Done
>>
>> pi@raspberrypi:~ $ tree... 0%
>>
>>
>> I press Enter, and the 0% line disappears:
>>
>>
>> pi@raspberrypi:~ $ sudo apt-get install libpcap-dev
>>
>> Reading package lists... Done
>>
>> pi@raspberrypi:~ $
>>
>> pi@raspberrypi:~ $
>>
>>
>> pi@raspberrypi:~ $ apt-cache policy libpcap-dev
>>
>> libpcap-dev:
>>
>> Installed: (none)
>>
>> Candidate: 1.6.2-2
>>
>> Version table:
>>
>> 1.6.2-2 0
>>
>> 500 http://mirrordirector.raspbian.org/raspbian/ jessie/main armhf
>> Packages
>>
>> pi@raspberrypi:~ $
>>
>>
>> Looks like trouble downloading.
>>
>> Thanks,
>> Jon
>

> --
> http://nodered.org
>
> Join us on Slack to continue the conversation: http://nodered.org/slack
> ---
> You received this message because you are subscribed to the Google Groups
> "Node-RED" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to node-red+u...@googlegroups.com.
> To post to this group, send email to node...@googlegroups.com.
> Visit this group at https://groups.google.com/group/node-red.

> To view this discussion on the web, visit
> https://groups.google.com/d/msgid/node-red/033cb1e7-9eab-4195-81ab-76bd0523cf85%40googlegroups.com.

[Jon Maddison]

Hi,

The update seems to have worked ok, some extract below.

No change to the install of libpcap-dev though, in fact, the apt-cache policy libpcap-dev now just gives a segmentation fault and the desired node is still not showing up in the Node-RED palette for me :(

pi@raspberrypi:~ $ sudo apt update

...

Fetched 9,106 kB in 1min 34s (96.5 kB/s)      

Reading package lists... Done

Building dependency tree       

Reading state information... Done

235 packages can be upgraded. Run 'apt list --upgradable' to see them.

pi@raspberrypi:~ $ sudo apt full-upgrade 

Reading package lists... Done

Building dependency tree       

Reading state information... Done

Calculating upgrade... The following packages were automatically installed and are no longer required:

  libasn1-8-heimdal libauthen-sasl-perl libdrm-freedreno1 libdrm-nouveau2 libdrm-radeon1 libelf1 libencode-locale-perl libfile-listing-perl

  libfont-afm-perl libgssapi3-heimdal libhcrypto4-heimdal libheimbase1-heimdal libheimntlm0-heimdal libhtml-form-perl libhtml-parser-perl

  libhtml-tagset-perl libhttp-cookies-perl libhttp-daemon-perl libhttp-date-perl libhttp-message-perl libhttp-negotiate-perl libhx509-5-heimdal

  libio-html-perl libkrb5-26-heimdal libllvm3.5 liblwp-mediatypes-perl libroken18-heimdal liburi-perl libwind0-heimdal libwww-robotrules-perl

  libxfce4ui-1-0 pypy-upstream-doc wiringpi xfce-keyboard-shortcuts

Use 'apt-get autoremove' to remove them.

Done

The following packages will be REMOVED:

  pypy-setuptools pypy-upstream-dev

The following NEW packages will be installed:

  bluez bluez-firmware device-tree-compiler libasound2-plugins libpulsedsp libspeexdsp1 libwebrtc-audio-processing-0 pi-bluetooth pigpio

  pishutdown pulseaudio pulseaudio-module-bluetooth pulseaudio-module-x11 pulseaudio-utils pypy pypy-lib raspberrypi-kernel rtkit

The following packages will be upgraded:

  alacarte apt apt-utils bind9-host bluej ca-certificates claws-mail claws-mail-i18n cpio curl dmsetup dpkg dpkg-dev e2fslibs e2fsprogs file

  firmware-atheros firmware-brcm80211 firmware-libertas firmware-ralink firmware-realtek fontconfig fontconfig-config fuse gir1.2-gdkpixbuf-2.0

  git git-core git-man gnupg gnupg-agent gnupg2 gpgv gtk2-engines-clearlookspix gtk2-engines-pixbuf idle-python2.7 initramfs-tools

  isc-dhcp-client isc-dhcp-common krb5-locales libapt-inst1.5 libapt-pkg4.12 libarchive13 libaudiofile1 libavcodec56 libavformat56

  libavresample2 libavutil54 libbind9-90 libbluetooth3 libc-bin libc-dev-bin libc6 libc6-dbg libc6-dev libcairo-gobject2 libcairo2 libcomerr2

  libcupsfilters1 libcurl3 libcurl3-gnutls libdevmapper-event1.02.1 libdevmapper1.02.1 libdns-export100 libdns100 libdpkg-perl libdrm-freedreno1

  libdrm-nouveau2 libdrm-radeon1 libdrm2 libegl1-mesa libexpat1 libexpat1-dev libfftw3-double3 libfftw3-single3 libfm-data libfm-extra4

  libfm-gtk-data libfm-gtk4 libfm-modules libfm4 libfontconfig1 libfuse2 libgbm1 libgcrypt20 libgd3 libgdk-pixbuf2.0-0 libgdk-pixbuf2.0-common

  libgif4 libgl1-mesa-glx libglapi-mesa libgraphite2-3 libgssapi-krb5-2 libgtk2.0-0 libgtk2.0-bin libgtk2.0-common libgudev-1.0-0 libhogweed2

  libidn11 libimlib2 libirs-export91 libisc-export95 libisc95 libisccc90 libisccfg-export90 libisccfg90 libjasper1 libjavascriptcoregtk-3.0-0

  libk5crypto3 libkrb5-3 libkrb5support0 libksba8 libldb1 liblvm2app2.2 liblwres90 libmagic1 libmodule-build-perl libnettle4 libnspr4

  libpam-modules libpam-modules-bin libpam-runtime libpam-systemd libpam0g libpcre3 libpng12-0 libpng12-dev libpolkit-agent-1-0

  libpolkit-backend-1-0 libpolkit-gobject-1-0 libpoppler46 libpython2.7 libpython2.7-minimal libpython2.7-stdlib libraspberrypi-bin

  libraspberrypi-dev libraspberrypi-doc libraspberrypi0 librsvg2-2 librsvg2-common libruby2.1 libservlet2.5-java libsmbclient libsndfile1

  libsqlite3-0 libsrtp0 libss2 libssh-4 libssh2-1 libssl-dev libssl-doc libssl1.0.0 libswscale3 libsystemd0 libtalloc2 libtasn1-6 libtdb1

  libtevent0 libtiff5 libudev1 libvdpau1 libvpx1 libwbclient0 libwebkitgtk-3.0-0 libwebkitgtk-3.0-common libx264-142 libxapian22 libxml2

  libxslt1.1 locales login lxinput lxkeymap lxpanel lxpanel-data multiarch-support nodered ntp nuscratch omxplayer openssh-client openssh-server

  openssh-sftp-server openssl oracle-java8-jdk passwd pcmanfm perl perl-base perl-modules pimixer policykit-1 poppler-utils pypy-upstream

  python-gpiozero python-picamera python-pil python-rpi.gpio python-sense-hat python-talloc python2.7 python2.7-minimal python3-gpiozero

  python3-picamera python3-pil python3-rpi.gpio python3-sense-hat raspberrypi-bootloader raspberrypi-net-mods raspberrypi-sys-mods

  raspberrypi-ui-mods raspi-config rc-gui rsyslog ruby ruby2.1 samba-common samba-libs sonic-pi ssh sudo systemd systemd-sysv tzdata udev wget

  wiringpi wolfram-engine wpasupplicant xarchiver xserver-common xserver-xorg-core xserver-xorg-input-evdev xserver-xorg-input-synaptics

  xserver-xorg-video-fbdev xserver-xorg-video-fbturbo

235 upgraded, 18 newly installed, 2 to remove and 0 not upgraded.

Need to get 563 MB of archives.

After this operation, 196 MB of additional disk space will be used.

Do you want to continue? [Y/n] Y

...

Fetched 563 MB in 38min 41s (242 kB/s)                                                                                                           

pi@raspberrypi:~ $ sudo apt-get install libpcap-dev 

pi@raspberrypi:~ $ ts... 0%

pi@raspberrypi:~ $ apt-cache policy libpcap-dev 

Segmentation fault

pi@raspberrypi:~ $ apt-cache policy libpcap-dev 

Segmentation fault

[Colin Law]

On 24 September 2016 at 22:47, Jon Maddison <jonm...@gmail.com> wrote:
> ...

>
> pi@raspberrypi:~ $ apt-cache policy libpcap-dev
> Segmentation fault

Your SD card is failing or/and you have some corrupted system files.
Throw the card away and start again.

Colin

[Jon Maddison]

:) I was wondering if it was getting to that.  Thanks Colin,

Jon

[Julian Knight]

I can't recommend enough buying good SD cards for Pi use. I've had a Samsung card in mine since the start of the year and it gets very heavy use without any issues so far.

[Colin Law]

On 25 September 2016 at 12:03, Julian Knight <j.kni...@gmail.com> wrote:
> I can't recommend enough buying good SD cards for Pi use. I've had a Samsung
> card in mine since the start of the year and it gets very heavy use without
> any issues so far.

+1 to that. Use Samsung or Sandisk. Also make a image of the card once
it is working how you want it. Then you can easily get back to there
if the card fails.

Colin

> On Sunday, 25 September 2016 10:06:56 UTC+1, Jon Maddison wrote:
>>
>> :) I was wondering if it was getting to that. Thanks Colin,
>>
>> Jon
>>
>> On Sunday, 25 September 2016 08:24:53 UTC+1, Colin Law wrote:
>>>
>>> On 24 September 2016 at 22:47, Jon Maddison <jonm...@gmail.com> wrote:
>>> > ...
>>> >
>>> > pi@raspberrypi:~ $ apt-cache policy libpcap-dev
>>> > Segmentation fault
>>>
>>> Your SD card is failing or/and you have some corrupted system files.
>>> Throw the card away and start again.
>>>
>>> Colin
>

> --
> http://nodered.org
>
> Join us on Slack to continue the conversation: http://nodered.org/slack
> ---
> You received this message because you are subscribed to the Google Groups
> "Node-RED" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to node-red+u...@googlegroups.com.
> To post to this group, send email to node...@googlegroups.com.
> Visit this group at https://groups.google.com/group/node-red.
> To view this discussion on the web, visit

> https://groups.google.com/d/msgid/node-red/00e569c1-843c-4e03-86b4-00617673e8cd%40googlegroups.com.

[Kay Pohl]

Hello Nick,

i installed your node over "Manage Palette" in NR. No Error during installation. No Error during NR start up. Then i add the node to my flow and config a MAC address. But after deploying my dashbutton is not shown in DEBUG window. Do i have to install anything else ?

Kay

[Nick O'Leary]

Hi Kay,

there are some additional prereqs you have to install manually. Have a look on the node's readme: http://flows.nodered.org/node/node-red-contrib-pcap

Nick

--
http://nodered.org
 
Join us on Slack to continue the conversation: http://nodered.org/slack
---
You received this message because you are subscribed to the Google Groups "Node-RED" group.

To unsubscribe from this group and stop receiving emails from it, send an email to node-red+unsubscribe@googlegroups.com.

To post to this group, send email to node...@googlegroups.com.
Visit this group at https://groups.google.com/group/node-red.

To view this discussion on the web, visit https://groups.google.com/d/msgid/node-red/6e3766f6-4a27-47c2-a928-2ef12084f7ed%40googlegroups.com.

[Kay Pohl]

Hi. I installed pcap-dev and set:

 sudo setcap cap_net_raw,cap_net_admin=eip `realpath /usr/bin/nodejs`

After a reboot with no errors, it still doesn´t work :-(

Am Montag, 8. Mai 2017 17:39:40 UTC+2 schrieb Nick O'Leary:

Hi Kay,

there are some additional prereqs you have to install manually. Have a look on the node's readme: http://flows.nodered.org/node/node-red-contrib-pcap

Nick

On 8 May 2017 at 16:16, Kay Pohl <kay-...@gmx.de> wrote:

Hello Nick,

i installed your node over "Manage Palette" in NR. No Error during installation. No Error during NR start up. Then i add the node to my flow and config a MAC address. But after deploying my dashbutton is not shown in DEBUG window. Do i have to install anything else ?

Kay

Am Sonntag, 19. Juni 2016 16:55:33 UTC+2 schrieb Nicholas Humfrey:

Apologies, I no longer to subscribe to this group by email because I don't get through the volumes of email anymore.

Hello,

I have published a network packet capture node to npm, that uses libpcap to inject ethernet packets into Node-RED:

http://flows.nodered.org/node/node-red-contrib-pcap

I originally wrote this Node-RED node in order to receive notifications when I press my Amazon Dash wifi button. These buttons, intended for ordering things from Amazon, send out ARP and DHCP packets to the whole network when they are pressed. Using this node, I can receive notifications when the button is pressed.

The same approach could be used for network monitoring or keeping track of devices appearing on the network.

Be careful not to create a packet loop!

nick.

--
http://nodered.org
 
Join us on Slack to continue the conversation: http://nodered.org/slack
---
You received this message because you are subscribed to the Google Groups "Node-RED" group.

To unsubscribe from this group and stop receiving emails from it, send an email to node-red+u...@googlegroups.com.

To post to this group, send email to node...@googlegroups.com.
Visit this group at https://groups.google.com/group/node-red.

[Kay Pohl]

Hello. I try dasher in console. There i can receive dash button button events. But not in Node Red :-(