Reading PCAP files on Matlab
Show older comments
I am trying to read PCAP files on matlab. Can anyone suggest how to do so?
5 Comments
James
on 3 Mar 2020
I recently decided to do this also. I've found pcap2matlab code mentioned by Punjitha not very functional.
It requires TShark installed AND on your path. TShark is part of wireshark, and was not initially part of my installation for some reason.
The help was unclear, and a challenge to read through.
Further I'm interested in "live" analysis as the data streams in, so I've ended up using a different part of wireshark (editcap) to convert the packet data to a text based format and wrote my own parser.
I'd be happy to share if you're intersted, but its (very) poorly tested. The part that works can load hex text ethernet frame (k12 text) output from wireshark:editcap into ipv4, and udp. It returns a cell array of packets structs.
Nishu Vidyarthi
on 3 Mar 2020
Well, okay, I've cleaned up my messy bits(a little), and apologize in advance for minimal testing. I read the bare minimum of documentation to get what I wanted done so many pieces are incomplete. Further, this was a home project, so my work was done in gnu octave, and I didnt bother to check that it ran the same at work.
All the disclaimers aside, this code ran fast enough for me written in pure matlab, so I was happy. I'm thinking of just learning the pcapng format since I just about had to drop to binary packet handling here, and it doesnt seem like it'd be much more work.
If you need copyright licensing ... this is free, it will destroy the computer of anyone whom runs it, encourage people to blame me, but only for succes .
Tolga Ulupinar
on 1 Feb 2022
Hi James. I have some problems in your scripts. In capture read " error using hex2num Too many input arguments" . Can you help me for this error. How can ı fix this error. I used test_packet.txt
Walter Roberson
on 1 Feb 2022
Edited: Walter Roberson
on 1 Feb 2022
I see that @James mentioned that he wrote the code using Octave. The Octave hex2num() supports passing a class as the second parameter, but MATLAB does not.
I think you can change the hex2udp line
udp.(fields{fn})=hex2num(udp.(fields{fn}),'uint16');
to
udp.(fields{fn}) = uint16(sscanf(udp.(fields{fn}), '%x'));
This would possibly have slightly different behaviour in cases where the input somehow had spaces or non-hex characters instead of the expect hex output; I do not have access to Octave to test its behaviour in detail (and there is the big question of what would be most reasonable to have happen in that circumstance.)
Accepted Answer
Pujitha Narra
on 24 Feb 2020
Edited: Pujitha Narra
on 24 Feb 2020
1 vote
Hi,
There is no such feature as of now, but it might be considered for a future release. However, 'pcap2matlab' is one of the several submissions in MATLAB File Exchange on MATLAB Central which is a forum for our product users to interact, exchange information and knowledge, without MathWorks' involvement. Feel free to contact the author of this submission directly for specific questions about the implementation.
Here's the link to the file:
More Answers (2)
michael
on 20 Jun 2020
0 votes
Hello,
Idin Motedayen-Aval
on 3 Jun 2024
0 votes
For completeness:
If you have access to 5G Toolbox, there is built-in pcapReader function that has been available since R2021b.
Categories
Find more on WLAN Toolbox in Help Center and File Exchange
on 20 Feb 2020
on 3 Jun 2024
Community Treasure Hunt
Find the treasures in MATLAB Central and discover how the community can help you!
Start Hunting!
