What is the performance like when doing this? Doing pcap capturing and processing in node.js feels slow, but that is just a feeling and I don't have any data to back it up.. are there any performance impact studies?
I also wonder whether the code actually works reliably. They have an "onpacket" handler on the pcap object, but this handler is, I think, called on every TCP packet. Which may not correspond to an HTTP session.
Consider an app that starts an HTTP session by sending two TCP packets:
I agree with you, currently I am only catching the request that have valid http method. I mentioned this in code comments there is todo task to capture different cases as well.
Moreover, I am happy to learn more from you and if you have any recommendation please mention it. This simple implementation has met my needs.
Regarding the performance, to be honest I've not tested it as I am not expert in this domain, so any hit is appreciated.
It would be better to stream the captured packets to a proper HTTP parser. That way you can also handle HTTP keepalive.
Also, you can set a filter on the pcap session so that pcap only gives you http packets. Then you don't have to check yourself whether you captured non-http.
Consider an app that starts an HTTP session by sending two TCP packets:
1. GET /foo
2. HTTP/1.1\r\n...etc...
Their code would not catch this.