pcap2matlab() - Importing network protocol analyzer capabilities into MATLAB

version 1.4.0.0 (22.6 KB) by Alon Geva
Live network captures and pcap file reading directly from MATLAB

21 Downloads

Updated 28 Apr 2014

pcap2matlab() imports network protocol analyzer capabilities into MATLAB.

capture = pcap2matlab(filter, decodeas_and_dissector, filename_or_interface, capture_stop_criteria)

performs live network captures and reads *.pcap files directly from the MATLAB workspace. The output variable is a MATLAB structure, one entry for each captured packet, comprising the content of the packet fields that were requested by the input arguments.

The function is based on the TShark network protocol analyzer (see http://www.wireshark.org/docs/man-pages/tshark.html for more information) and can operate in two modes:

1. Capture mode, in which it starts listening on the requested network interface, captures packets based on some predefined criteria (i.e. filter) and outputs the relevant packet fields based on the decodeas and dissector input arguments.
2. Read mode, in which it reads an already existing pcap file, extracts packets based on some predefined criteria (i.e. filter) and outputs the relevant packet fields based on the decodeas and dissector input arguments.

The function currently supports PC 32/64-bit as well as Linux 32/64-bit platforms. Other platforms might be easily added in the future.

Input arguments:

* filter – A TShark format capture filter argument.
* decodeas_and_dissector – This input argument can be one of the following:
  1. A MATLAB structure whose field names are the requested packet field names to capture, where the content of each field of this structure comprises the byte/bit offsets to capture for this specific field.
  2. A one-dimensional cell of strings comprising the TShark decodeas expression (TShark -d flag; not mandatory, but if it appears it must be the first one) as well as additional TShark dissector expressions (TShark -e flag). Each dissector expression results in a matching field in the output captured struct.
* filename_or_interface – This input argument can be one of two things:
  1. An integer number that identifies the network interface from which to start capturing (TShark -i flag). Setting this input argument to an integer number automatically sets the function to work in capture mode.
  2. A filename string that identifies the pcap file to read. Setting this input argument to a filename string automatically sets the function to work in read mode.
* capture_stop_criteria – Relevant for capture mode only (should not be assigned when working in read mode). Sets the 'stop capturing' criteria (TShark -a/-c flags). This input argument can be one of the following:
  1. A number that sets the total number of packets to capture (TShark -c flag).
  2. A string that identifies the capture stop criteria (TShark -a flag).
  3. A cell array combining a few legal capture stop criteria arguments, such as {'duration:10',100}, which stops capturing after 10 sec or 100 packets, whichever comes first.

For more information on TShark's stop capturing criteria options please refer to: http://www.wireshark.org/docs/man-pages/tshark.html.

Alon Geva
$Revision: 1.03 $ $Date: 25/04/2014 01:52:53 $

For the full description/options of the function, please see the function header (or type
"help pcap2matlab()" in the MATLAB prompt).
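
The mapping from the four arguments to TShark flags described above, as an added MATLAB sketch for the cell-array form of decodeas_and_dissector (not pcap2matlab's own code). The function name, the decode-as detection rule, the use of -Y in read mode and the character checks are assumptions; -r, -f, -Y and -T fields are TShark options that the description does not name.

```matlab
function cmd = tshark_cmd_sketch(filter, exprs, src, stop)
% Added illustration of the documented argument-to-flag mapping.
% Not pcap2matlab's code; name, checks and heuristics are hypothetical.
if nargin < 4, stop = {}; end
if ~iscell(stop), stop = {stop}; end
args = {'tshark'};
if isnumeric(src)                            % integer interface -> capture mode
    validateattributes(src, {'numeric'}, {'scalar','integer','positive'});
    args = [args, {'-i', sprintf('%d', src)}];
    if ~isempty(filter)
        args = [args, {'-f', quoted(filter)}];   % capture (BPF) filter
    end
    for k = 1:numel(stop)
        if isnumeric(stop{k})                % packet count
            validateattributes(stop{k}, {'numeric'}, {'scalar','integer','positive'});
            args = [args, {'-c', sprintf('%d', stop{k})}];
        else                                 % e.g. 'duration:10'
            args = [args, {'-a', quoted(stop{k})}];
        end
    end
else                                         % filename string -> read mode
    if ~isempty(stop)
        error('sketch:stop', 'capture_stop_criteria is for capture mode only.');
    end
    args = [args, {'-r', quoted(src)}];
    if ~isempty(filter)
        % Assumption: read mode passes the filter as a display filter (-Y).
        args = [args, {'-Y', quoted(filter)}];
    end
end
% Assumption: a leading "layer==selector,protocol" string is the decode-as rule.
if ~isempty(exprs) && ~isempty(regexp(exprs{1}, '^[^,=]+==[^,]+,[^,]+$', 'once'))
    args = [args, {'-d', quoted(exprs{1})}];
    exprs = exprs(2:end);
end
args = [args, {'-T', 'fields'}];             % one output column per -e field
for k = 1:numel(exprs)
    args = [args, {'-e', quoted(exprs{k})}];
end
cmd = strjoin(args, ' ');
end
function q = quoted(s)
% Refuse characters special inside double quotes (sh, cmd.exe); use / in paths.
if ~ischar(s) || any(s < 32) || any(ismember(s, '"`$\%!'))
    error('sketch:arg', 'Unsupported character in TShark argument.');
end
q = ['"' s '"'];
end
```

For example, `tshark_cmd_sketch('udp', {'udp.port==5004,rtp','rtp.seq'}, 1, {'duration:10',100})` (constructed inputs) builds a capture-mode command string that can be handed to system(). Filters containing a double quote are rejected by this sketch rather than escaped.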

Cite As

Alon Geva (2020). pcap2matlab() - Importing network protocol analyzer capabilities into MATLAB (https://www.mathworks.com/matlabcentral/fileexchange/44265-pcap2matlab-importing-network-protocol-analyzer-capabilties-into-matlab), MATLAB Central File Exchange. Retrieved .

Comments and Ratings (13)

michael

Working great.
I've used 1st option for decodeas_and_dissector.
Didn't try the 2nd one as it was used for some custom dissector. I guess it shall work as well.
Maybe some small modification is required in order to support extracting data from some custom dissector.

RAMAR U

How does pcap2matlab() work, and can we do protocol data analysis with this process?
Can anyone explain that?

seven

Can not use

john gutsch

Has anyone gotten this to work? I am not able to run it.

Michael E.

Dev-iL

Hi Alon! Is this code hosted on some open source platform (e.g. GitHub)?

akkary

Can anyone help me on how to use this?

fdsf gfg

Can you please provide example files to demonstrate this function working?

How can I use this function to load pcap files? Help me with an example.

Do not apply this function as an example please

Dan Mou

good

Updates

1.4.0.0

* Improved capture stop criteria
* Extended bytes/bits dissection capabilities
* Fixed bug: handling 'PCWIN' string returned by 'computer' function for old MATLAB versions
* Using system() instead of dos()/unix() functions

1.3.0.0

changed revision number in the description to match m-file revision number

1.1.0.0

small editing of the title and description.

MATLAB Release Compatibility
Created with R2013b
Compatible with any release
Platform Compatibility
Windows macOS Linux