qxip / webshark
webShark: Wireshark & PCAPs in your browser, 100% Open-Source Cloudshark alternative based on sharkd
License: GNU Affero General Public License v3.0
Hello. First of all, thanks for the work you have done in this repo.
I am trying to run the node application in a Docker container. I am facing issues, as spawning to /var/run/sharkd.sock is not working if I set SHARKD_SOCKET = "/var/run/sharkd.sock". I am getting the following error -
Error trying to connect to /var/run/sharkd.sock Error: connect ENOENT /var/run/sharkd.sock at PipeConnectWrap.afterConnect [as oncomplete] (net.js:1159:16) { errno: -2, code: 'ENOENT', syscall: 'connect', address: '/var/run/sharkd.sock' }
/var/run is already mounted, so that should not be an issue. I have docker.sock inside the /var/run folder. I gave it a try by setting SHARKD_SOCKET = "/var/run/docker.sock". Then I didn't get the ENOENT error, but new_sock.write(JSON.stringify(request)+"\n") did not work. So I am thinking spawning unix:/var/run/sharkd.sock is the actual issue in the container.
Sharkd is started by sharkd - unix:/var/run/sharkd.sock. I can see the 'Hello in child' output in the terminal.
Could you please point out if I am missing something?
Currently sharkd only supports loading from files it can directly access through function sharkd_session_process_load, in turn calling load_cap_file.
In order to support a broader scope of scenarios, it should be extended to support loading data from web APIs, ad-hoc interfaces and/or through piping other system commands.
This issue is just an intention pointer to track design elements and input from other devs.
I have tried to run this project in my local environment.
sharkd is running and I have run the APIs on port :8085. I have tested the webshark/upload POST API and the webshark/json?req=files GET API from Postman and they seem to be working.
Though I am having problems with other GET APIs like webshark/json?req=info. I am getting the following output -
{"jsonrpc":"2.0","id":0,"error":{"code":-32600,"message":"req is not a valid member name"}}
I don't understand if I am missing anything.
Also, when I open the URL in the browser, the UI is not getting loaded. It shows something like this -
Any help would be much appreciated.
I would like to use webshark in a Docker container on a publicly available server.
Would it be possible to add authentication somehow to Wireshark?
Can we add plugin support in webshark?
For example, if I want to add a HEP3 dissector in webshark, how can it be done?
Hi @lmangani
Is it possible to use the 'Decode as' functionality like we have in Wireshark through the Analyze option? I have a need to provide a port with a specific value and analyze the pcap when the protocol field matches the value.
I am successfully passing the filter value in the URL and am looking for something similar to that.
Any help would be highly appreciated.
After uploading the pcap file, it was not stored in the specified mapped captures folder, so the web file menu bar does not display the previously uploaded file. Uploading errors can cause container crashes, and the web error output is as follows:
Unknown Error {"headers":{"normalizedNames":{},"lazyUpdate":null,"headers":{}},"status":0,"statusText":"Unknown Error","url":"/webshark/upload","ok":false,"name":"HttpErrorResponse","message":"Http failure response for /webshark/upload: 0 Unknown Error","error":{"isTrusted":true}}
I observe dependency failures during the new image build and I am failing to run the image due to node-fetch errors.
Can you please help to update the Dockerfile for new builds? (newbie here)
I tried to run the Docker image on my VPS, but it failed with the following error message:
fog@webshark$ docker run -e SHARKD_SOCKET=/home/node/sharkd.sock -ti --rm -p 8085:8085 -v $(pwd)/captures:/captures ghcr.io/qxip/webshark:2.0.0
rm: cannot remove '/home/node/sharkd.sock': No such file or directory
node[1]: ../src/node_platform.cc:68:std::unique_ptr<long unsigned int> node::WorkerThreadsTaskRunner::DelayedTaskScheduler::Start(): Assertion `(0) == (uv_thread_create(t.get(), start_thread, this))' failed.
1: 0xc98550 node::Abort() [node]
2: 0xc985ce [node]
3: 0xd169a9 node::WorkerThreadsTaskRunner::WorkerThreadsTaskRunner(int) [node]
4: 0xd16acc node::NodePlatform::NodePlatform(int, v8::TracingController*, v8::PageAllocator*) [node]
5: 0xc53f13 [node]
6: 0xc5487b node::Start(int, char**) [node]
7: 0x7fb45d4f81ca [/lib/x86_64-linux-gnu/libc.so.6]
8: 0x7fb45d4f8285 __libc_start_main [/lib/x86_64-linux-gnu/libc.so.6]
9: 0xbb004e _start [node]
fog@webshark$ uname -a
Linux calm-spin-1.localdomain 4.15.0-20-generic #21-Ubuntu SMP Tue Apr 24 06:16:15 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
fog@webshark$ cat /etc/issue
Ubuntu 18.04 LTS \n \l
While on another local PC, it works:
fog@captures$ uname -a
Linux fognb2 5.4.0-155-generic #172-Ubuntu SMP Fri Jul 7 16:10:02 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
fog@captures$ cat /etc/issue
Ubuntu 20.04.2 LTS \n \l
Any idea?
Noticed that pcaps under /captures subdirectories are not considered.
Can we add support for PCMA/8000 & PCMU/8000 for playing stream as these are common codecs used in VoIP?
I'm attempting to build the webshark container from source with a tweak to the docker-compose file, using the commit 2c73300.
  webshark:
    # image: ghcr.io/qxip/webshark:2.0.0
    build: .
The build completes successfully, and the web interface starts, but when visiting the application in a browser, the server crashes.
webshark | Error trying to connect to /home/node/sharkd.sock
webshark | Error: connect ECONNREFUSED /home/node/sharkd.sock
webshark | at PipeConnectWrap.afterConnect [as oncomplete] (node:net:1595:16) {
webshark | errno: -111,
webshark | code: 'ECONNREFUSED',
webshark | syscall: 'connect',
webshark | address: '/home/node/sharkd.sock'
webshark | }
webshark | Trying to spawn unix:/home/node/sharkd.sock
webshark | Error spawning sharkd under /home/node/sharkd.sock / exit 1
Attempting to start sharkd manually from the command line results in a fatal error I cannot myself troubleshoot.
node@e065321c547b:/usr/src/node-webshark/api$ sharkd unix:/home/node/sharkd.sock
node@e065321c547b:/usr/src/node-webshark/api$ ** (sharkd:70) 20:04:44.321044 [Epan ERROR] epan/packet.c:3361 -- register_dissector_handle(): assertion failed: g_hash_table_lookup(registered_dissectors, name) == ((void *)0)
** (sharkd:70) Aborting on fatal log level exception
It looks like a dissector/plugin is registered twice, or a dissector/plugin is causing sharkd to crash?
register_dissector_handle(const char *name, dissector_handle_t handle)
{
    /* Make sure name is "parsing friendly" - descriptions should be
     * used for complicated phrases. */
    check_valid_dissector_name_or_fail(name);
    /* Make sure the registration is unique */
    ws_assert(g_hash_table_lookup(registered_dissectors, name) == NULL);
    g_hash_table_insert(registered_dissectors, (gpointer)name, handle);
    return handle;
}
I even attempted to build with some of the key changes commented out of the sharkd build script with no success.
# Update wireshark sources
git pull
git reset --hard 640ded8e1d45ec3ee8594c385b1045cbaa0042a0 ## tested with this hash
# Integrate sharkd
patch -p1 < ../sharkd/sharkd.patch
patch -p1 < ../sharkd/sharkd_opt_memory.patch ## optional
cp ../sharkd/*.[ch] ./
[scott@sob-desktop tmp]$ sudo docker run -ti --rm -p 8085:8085 -v $(pwd)/captures:/captures ghcr.io/qxip/webshark:latest
rm: cannot remove '': No such file or directory
> [email protected] start
> npx fastify start -l info app.js -a 0.0.0.0 -p 8085
{"level":30,"time":1693287165225,"pid":43,"hostname":"e9818d18aa01","msg":"Server listening at http://0.0.0.0:8085"}
{"level":30,"time":1693287168418,"pid":43,"hostname":"e9818d18aa01","reqId":"req-1","req":{"method":"GET","url":"/webshark/","hostname":"localhost:8085","remoteAddress":"172.17.0.1","remotePort":47474},"msg":"incoming request"}
{"level":30,"time":1693287168425,"pid":43,"hostname":"e9818d18aa01","reqId":"req-1","res":{"statusCode":200},"responseTime":7.2343679999466985,"msg":"request completed"}
{"level":30,"time":1693287168438,"pid":43,"hostname":"e9818d18aa01","reqId":"req-2","req":{"method":"GET","url":"/webshark/css/webshark.css","hostname":"localhost:8085","remoteAddress":"172.17.0.1","remotePort":47474},"msg":"incoming request"}
{"level":30,"time":1693287168439,"pid":43,"hostname":"e9818d18aa01","reqId":"req-3","req":{"method":"GET","url":"/webshark/css/awesomplete.css","hostname":"localhost:8085","remoteAddress":"172.17.0.1","remotePort":47490},"msg":"incoming request"}
{"level":30,"time":1693287168440,"pid":43,"hostname":"e9818d18aa01","reqId":"req-2","res":{"statusCode":200},"responseTime":1.6142440000548959,"msg":"request completed"}
{"level":30,"time":1693287168440,"pid":43,"hostname":"e9818d18aa01","reqId":"req-4","req":{"method":"GET","url":"/webshark/js/d3.v4.min.js","hostname":"localhost:8085","remoteAddress":"172.17.0.1","remotePort":47506},"msg":"incoming request"}
{"level":30,"time":1693287168441,"pid":43,"hostname":"e9818d18aa01","reqId":"req-5","req":{"method":"GET","url":"/webshark/js/webshark-app.js","hostname":"localhost:8085","remoteAddress":"172.17.0.1","remotePort":47474},"msg":"incoming request"}
{"level":30,"time":1693287168441,"pid":43,"hostname":"e9818d18aa01","reqId":"req-6","req":{"method":"GET","url":"/webshark/js/wavesurfer.min.js","hostname":"localhost:8085","remoteAddress":"172.17.0.1","remotePort":47522},"msg":"incoming request"}
{"level":30,"time":1693287168442,"pid":43,"hostname":"e9818d18aa01","reqId":"req-3","res":{"statusCode":200},"responseTime":2.2881270002108067,"msg":"request completed"}
{"level":30,"time":1693287168442,"pid":43,"hostname":"e9818d18aa01","reqId":"req-7","req":{"method":"GET","url":"/webshark/css/c3.min.css","hostname":"localhost:8085","remoteAddress":"172.17.0.1","remotePort":47528},"msg":"incoming request"}
{"level":30,"time":1693287168443,"pid":43,"hostname":"e9818d18aa01","reqId":"req-8","req":{"method":"GET","url":"/webshark/js/c3.min.js","hostname":"localhost:8085","remoteAddress":"172.17.0.1","remotePort":47540},"msg":"incoming request"}
{"level":30,"time":1693287168445,"pid":43,"hostname":"e9818d18aa01","reqId":"req-6","res":{"statusCode":200},"responseTime":3.4042609999887645,"msg":"request completed"}
{"level":30,"time":1693287168445,"pid":43,"hostname":"e9818d18aa01","reqId":"req-7","res":{"statusCode":200},"responseTime":2.706019999925047,"msg":"request completed"}
{"level":30,"time":1693287168445,"pid":43,"hostname":"e9818d18aa01","reqId":"req-4","res":{"statusCode":200},"responseTime":4.949557999847457,"msg":"request completed"}
{"level":30,"time":1693287168446,"pid":43,"hostname":"e9818d18aa01","reqId":"req-5","res":{"statusCode":200},"responseTime":4.552250000182539,"msg":"request completed"}
{"level":30,"time":1693287168446,"pid":43,"hostname":"e9818d18aa01","reqId":"req-8","res":{"statusCode":200},"responseTime":3.214585999958217,"msg":"request completed"}
{"level":30,"time":1693287168476,"pid":43,"hostname":"e9818d18aa01","reqId":"req-9","req":{"method":"GET","url":"/webshark/json?method=info","hostname":"localhost:8085","remoteAddress":"172.17.0.1","remotePort":47506},"msg":"incoming request"}
Error trying to connect to /var/run/sharkd.sock
Error: connect ENOENT /var/run/sharkd.sock
at PipeConnectWrap.afterConnect [as oncomplete] (node:net:1595:16) {
errno: -2,
code: 'ENOENT',
syscall: 'connect',
address: '/var/run/sharkd.sock'
}
Trying to spawn unix:/var/run/sharkd.sock
Error spawning sharkd under /var/run/sharkd.sock / exit 1
[scott@sob-desktop tmp]$
I've noticed some extraneous/old files in the repository. Does anyone have a problem with deleting the following? I think they could lead to confusion down the road.
web/js/webshark-app.js - generated from other files, probably shouldn't be under version control
sharkd/* with the exception of sharkd/build.sh - shouldn't be needed since we only use the wireshark repo
Hi,
I am playing with this project and it's quite interesting.
For test purposes I am loading only one pcap file but noticed that frame timestamps are not preserved; webshark starts from zero as reference. Is it possible to change it to maintain the original timestamps?
Another thing: what do you recommend as a process to capture traffic into the captures folder? tcpdump with rotated files every minute, or anything else more efficient?
Thanks
I observe the below error while launching the application.
Can you please help me with this error if possible?
{"level":30,"time":1653552495131,"pid":18,"hostname":"7172137743c7","reqId":9,"req":{"method":"GET","url":"/webshark/json?req=info","hostname":"xxx:8085","remoteAddress":"xxx","remotePort":39129},"msg":"incoming request","v":1}
Error trying to connect to /var/run/sharkd.sock
{ Error: connect ENOENT /var/run/sharkd.sock
at PipeConnectWrap.afterConnect [as oncomplete] (net.js:1107:14)
errno: 'ENOENT',
code: 'ENOENT',
syscall: 'connect',
address: '/var/run/sharkd.sock' }
Trying to spawn unix:/var/run/sharkd.sock
events.js:174
throw er; // Unhandled 'error' event
^
Error: spawn sharkd ENOENT
at Process.ChildProcess._handle.onexit (internal/child_process.js:240:19)
at onErrorNT (internal/child_process.js:415:16)
at process._tickCallback (internal/process/next_tick.js:63:19)
Emitted 'error' event at:
at Process.ChildProcess._handle.onexit (internal/child_process.js:246:12)
at onErrorNT (internal/child_process.js:415:16)
at process._tickCallback (internal/process/next_tick.js:63:19)
npm ERR! code ELIFECYCLE
npm ERR! errno 1
npm ERR! [email protected] start: `npx fastify start -l info app.js -p 8085`
npm ERR! Exit status 1
npm ERR!
npm ERR! Failed at the [email protected] start script.
npm ERR! This is probably not a problem with npm. There is likely additional logging output above.
npm ERR! A complete log of this run can be found in:
npm ERR! /root/.npm/_logs/2022-05-26T08_08_15_179Z-debug.log
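Added example, not part of any issue above and not the project's own code: the reports on this page show several distinct sharkd startup failures (connect ENOENT, connect ECONNREFUSED, spawn ENOENT, and a non-zero sharkd exit), and this Node.js helper tells them apart from pasted log text. The rule ids, the `diagnose` function and the `SAMPLE` excerpt (assembled from log lines quoted on this page) are constructed for illustration; the errno meanings are standard Unix-socket and Node behaviour.

```javascript
// Each rule maps a log signature seen on this page to its usual cause.
const RULES = [
  { id: 'socket-missing',
    re: /connect ENOENT (\S+)/,
    meaning: 'no socket file at this path: nothing has created it yet' },
  { id: 'socket-stale',
    re: /connect ECONNREFUSED (\S+)/,
    meaning: 'socket file exists but no process is accepting on it' },
  { id: 'binary-missing',
    re: /spawn sharkd ENOENT/,
    meaning: 'sharkd executable could not be found when spawning' },
  { id: 'spawn-failed',
    re: /Error spawning sharkd under (\S+) \/ exit (\d+)/,
    meaning: 'sharkd started but exited non-zero: run it by hand for its own error' },
  { id: 'dissector-assert',
    re: /register_dissector_handle\(\): assertion failed/,
    meaning: 'sharkd aborted while registering dissectors' },
];

// Return one finding per matching rule, ordered by where it first
// appears in the log, so the sequence of failures stays readable.
function diagnose(logText) {
  const findings = [];
  for (const rule of RULES) {
    const m = rule.re.exec(logText);
    if (m) {
      findings.push({ id: rule.id, at: m.index,
                      detail: m.slice(1), meaning: rule.meaning });
    }
  }
  return findings.sort((a, b) => a.at - b.at);
}

// Constructed sample: three lines taken from a log quoted on this page.
const SAMPLE = [
  'Error: connect ECONNREFUSED /home/node/sharkd.sock',
  'Trying to spawn unix:/home/node/sharkd.sock',
  'Error spawning sharkd under /home/node/sharkd.sock / exit 1',
].join('\n');

for (const f of diagnose(SAMPLE)) {
  console.log(`${f.id} ${f.detail.join(' ')}: ${f.meaning}`);
}
```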
@RFbkak37y3kIY has developed a new UI for webshark we can include in the 2.x release.
Let's deploy it to a branch and use this thread to apply the various API/UI changes using #17 as reference.
The RTP Audio exporting function seems broken in the latest builds. This used to work in the previous releases.
Investigating.