Ethereal-users: Re: [Ethereal-users] (no subject)
Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.
From: Peter Marquardt <info@xxxxxxxxxxxx>
Date: Fri, 28 May 2004 07:54:05 +0200
Ruichi Xin wrote:
Hi, Ladies and Gentlemen:

My professor got this software for me, I'm using Ethereal to capture the packet length here, after I got the data, I just saved it as "xxx.tcpdump", I'm going to load the data on a MATLAB platform (MATLAB can accept ASCII file). My question is:

How can I transfer this "xxx.tcpdump" file to ASCII file (like "xxx.txt" or similar stuff)?

It depends on what kind of ASCII representation Matlab is going to read and what you are planning to do with it. The only option for saving ASCII I know of is when you Export to Plain Text in the File menu.
In that case a packet might look like this:

No.     Time        Source                Destination           Protocol Info
      5 0.078900    192.168.0.103         130.133.1.4           TCP      1565 > nntp [ACK] Seq=1 Ack=1 Win=17424 Len=0

Frame 5 (54 bytes on wire, 54 bytes captured)
    Arrival Time: May 28, 2004 07:35:34.099038000
    Time delta from previous packet: 0.000076000 seconds
    Time since reference or first frame: 0.078900000 seconds
    Frame Number: 5
    Packet Length: 54 bytes
    Capture Length: 54 bytes
Ethernet II, Src: 00:c0:9f:3a:17:17, Dst: 00:50:18:12:2f:c6
    Destination: 00:50:18:12:2f:c6 (192.168.0.1)
    Source: 00:c0:9f:3a:17:17 (192.168.0.103)
    Type: IP (0x0800)
Internet Protocol, Src Addr: 192.168.0.103 (192.168.0.103), Dst Addr: 130.133.1.4 (130.133.1.4)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 40
    Identification: 0xa029 (41001)
    Flags: 0x04 (Don't Fragment)
        0... = Reserved bit: Not set
        .1.. = Don't fragment: Set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (0x06)
    Header checksum: 0x160e (correct)
    Source: 192.168.0.103 (192.168.0.103)
    Destination: 130.133.1.4 (130.133.1.4)
Transmission Control Protocol, Src Port: 1565 (1565), Dst Port: nntp (119), Seq: 1, Ack: 1, Len: 0
    Source port: 1565 (1565)
    Destination port: nntp (119)
    Sequence number: 1    (relative sequence number)
    Acknowledgement number: 1    (relative ack number)
    Header length: 20 bytes
    Flags: 0x0010 (ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgment: Set
        .... 0... = Push: Not set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 17424
    Checksum: 0x616e (correct)
    SEQ/ACK analysis
        This is an ACK to the segment in frame: 4
        The RTT to ACK the segment was: 0.000076000 seconds

For any other form of ASCII representation you will most likely have to get a converter handling libpcap files which will output the representation Matlab can read. You may want to specify what kind of ASCII data the program accepts (tab delimited, comma delimited...) and what data fields you explicitly need to import (just the packet length?)
If there is no such converter, I imagine one could be easily written in Perl, parsing an exported plaintext file and rewriting it for Matlab. Alternatively you could grep the file for lines like this one:

    Packet Length: 91 bytes

and search & replace the rest in the output to suit your needs.
My e-mail is: rxin@xxxxxxxxxxx
HTH --Peter Marquardt
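
Added example (not part of the original message and not code from the Ethereal project): a small converter of the kind suggested above, written in Python rather than Perl, that reads an Export to Plain Text file and emits one comma-delimited row per frame. The choice of columns (frame number, relative time, packet length) and the header-less numeric CSV layout are assumptions about what the MATLAB import needs; the sample text is constructed in the layout of the export quoted in the message.

```python
import csv
import io
import re

# Constructed sample in the layout of the plain-text export quoted above
# (detail lines abbreviated; frame 7 is cut off before its Packet Length line).
SAMPLE_EXPORT = """\
No.     Time        Source                Destination           Protocol Info
      5 0.078900    192.168.0.103         130.133.1.4           TCP      1565 > nntp [ACK]

Frame 5 (54 bytes on wire, 54 bytes captured)
    Time since reference or first frame: 0.078900000 seconds
    Frame Number: 5
    Packet Length: 54 bytes

Frame 6 (91 bytes on wire, 91 bytes captured)
    Time since reference or first frame: 0.101200000 seconds
    Packet Length: 91 bytes

Frame 7 (60 bytes on wire, 60 bytes captured)
    Time since reference or first frame: 0.200000000 seconds
"""

FRAME_START = re.compile(r"^Frame (\d+) \(")  # unindented line opening a frame block
REL_TIME = re.compile(r"^\s*Time since reference or first frame: ([\d.]+) seconds")
PKT_LEN = re.compile(r"^\s*Packet Length: (\d+) bytes")


def parse_export(text):
    """Return one (frame_number, relative_time, packet_length) tuple per frame."""
    frames = []
    for line in text.splitlines():
        if m := FRAME_START.match(line):
            frames.append({"frame": int(m.group(1)), "time": None, "length": None})
        elif not frames:
            continue  # summary lines before the first frame block
        elif m := REL_TIME.match(line):
            frames[-1]["time"] = float(m.group(1))
        elif frames[-1]["length"] is None and (m := PKT_LEN.match(line)):
            frames[-1]["length"] = int(m.group(1))
    # Skip frames whose block is incomplete so every output row is fully numeric.
    return [tuple(f.values()) for f in frames if None not in f.values()]


def to_csv(rows):
    """Render rows as header-less CSV text (assumed import format)."""
    out = io.StringIO()
    csv.writer(out, lineterminator="\n").writerows(rows)
    return out.getvalue()
```

To convert a real export, pass the file's contents to `parse_export` and write the result of `to_csv` to a `.txt` or `.csv` file.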