Ruichi Xin wrote:
Hi, Ladies and Gentlemen:
My professor got this software for me, I'm using Ethereal to capture the
packet length here, after I got the data, I just saved it as "xxx.tcpdump",
I'm going to load the data on a MATLAB platform (MATLAB can accept ASCII
file). My question is:
How can I transfer this "xxx.tcpdump" file to ASCII file (like "xxx.txt" or
similar stuff)?
It depends on what kind of ASCII representation Matlab is going to read
and what you are planning to do with it. The only option for saving ASCII
that I know of is Export to Plain Text in the File menu.
In that case a packet might look like this:
No. Time Source Destination Protocol Info
5 0.078900 192.168.0.103 130.133.1.4 TCP 1565 > nntp [ACK] Seq=1 Ack=1 Win=17424 Len=0
Frame 5 (54 bytes on wire, 54 bytes captured)
Arrival Time: May 28, 2004 07:35:34.099038000
Time delta from previous packet: 0.000076000 seconds
Time since reference or first frame: 0.078900000 seconds
Frame Number: 5
Packet Length: 54 bytes
Capture Length: 54 bytes
Ethernet II, Src: 00:c0:9f:3a:17:17, Dst: 00:50:18:12:2f:c6
Destination: 00:50:18:12:2f:c6 (192.168.0.1)
Source: 00:c0:9f:3a:17:17 (192.168.0.103)
Type: IP (0x0800)
Internet Protocol, Src Addr: 192.168.0.103 (192.168.0.103), Dst Addr: 130.133.1.4 (130.133.1.4)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 40
Identification: 0xa029 (41001)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (0x06)
Header checksum: 0x160e (correct)
Source: 192.168.0.103 (192.168.0.103)
Destination: 130.133.1.4 (130.133.1.4)
Transmission Control Protocol, Src Port: 1565 (1565), Dst Port: nntp (119), Seq: 1, Ack: 1, Len: 0
Source port: 1565 (1565)
Destination port: nntp (119)
Sequence number: 1 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x0010 (ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 17424
Checksum: 0x616e (correct)
SEQ/ACK analysis
This is an ACK to the segment in frame: 4
The RTT to ACK the segment was: 0.000076000 seconds
For any other form of ASCII representation you will most likely have to
get a converter handling libpcap files which will output the
representation Matlab can read. You may want to specify what kind of
ASCII data the program accepts (tab delimited, comma delimited...) and
what data fields you explicitly need to import (just the packet length?)
If there is no such converter, I imagine one could be easily written in
Perl, parsing an exported plaintext file and rewriting it for Matlab.
Alternatively you could grep the file for lines like this one:
Packet Length: 91 bytes
and search & replace the rest in the output to suit your needs.
My e-mail is: rxin@xxxxxxxxxxx
HTH
--Peter Marquardt
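
Added example, not part of the original message or of Ethereal: one way to write the converter suggested above, reading an "Export to Plain Text" file and emitting numeric, comma-delimited rows (frame, time, packet length, capture length). Python stands in for the Perl the reply mentions; the function names and the second sample frame (a truncated capture) are constructed for illustration.

```python
import re

# Line patterns taken from the plain-text export quoted in the message above.
FRAME_RE = re.compile(r"^\s*Frame (\d+) \((\d+) bytes on wire, (\d+) bytes captured\)")
FIELD_RES = {
    "time": re.compile(r"^\s*Time since reference or first frame: ([\d.]+) seconds"),
    "length": re.compile(r"^\s*Packet Length: (\d+) bytes"),
    "captured": re.compile(r"^\s*Capture Length: (\d+) bytes"),
}

def parse_export(text):
    """Return one dict per frame: frame number, time, wire and captured length."""
    rows = []
    for line in text.splitlines():
        m = FRAME_RE.match(line)
        if m:
            # The frame header starts a new record and already carries both
            # lengths, so a frame exported without detail lines still gets a row.
            rows.append({"frame": int(m.group(1)), "time": float("nan"),
                         "length": int(m.group(2)), "captured": int(m.group(3))})
            continue
        if not rows:
            continue  # summary lines that precede the first frame
        for key, rx in FIELD_RES.items():
            m = rx.match(line)
            if m:
                rows[-1][key] = float(m.group(1)) if key == "time" else int(m.group(1))
    return rows

def to_csv(rows):
    """Numeric-only, comma-delimited text: frame,time,length,captured."""
    return "".join("%d,%.6f,%d,%d\n" % (r["frame"], r["time"], r["length"], r["captured"])
                   for r in rows)

# Constructed sample: frame 5 is from the message; frame 6 is made up to show
# a packet cut short at capture time (captured bytes < bytes on wire).
SAMPLE = """\
Frame 5 (54 bytes on wire, 54 bytes captured)
    Arrival Time: May 28, 2004 07:35:34.099038000
    Time since reference or first frame: 0.078900000 seconds
    Frame Number: 5
    Packet Length: 54 bytes
    Capture Length: 54 bytes
Frame 6 (91 bytes on wire, 68 bytes captured)
    Time since reference or first frame: 0.081200000 seconds
    Packet Length: 91 bytes
    Capture Length: 68 bytes
"""

if __name__ == "__main__":
    print(to_csv(parse_export(SAMPLE)), end="")
```

Keeping the capture length next to the packet length lets you spot truncated frames before computing statistics on payload data.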