analyzing the packet size distribution from a publicly available packet trace

 
baaru so
Hi,

Can anyone tell me how to analyze the packet size distribution of a packet trace which we got from a publicly available network, using Java and any other language for visualization? I have the packet size distribution, but I'm a little bit confused about how to do the distribution process.

The main criterion is to find the empirical probability, that is:

(frequency of the packet)/(total number of packets)

i.e., (the number of packets of that size)/(total number of packets)

Does anyone have any idea regarding this one?

Here I have the Perl code for converting the data into ASCII format:


#! /usr/local/bin/perl

# input file format:
#
# 512 byte header
# 17408*60 bytes data
# 512 byte header
# 17408*60 bytes data
# . . . .
#
# bytes 2/3 in the headers contain the usable cell count for the data portion
# bytes 4/5 contain the interface number for the data portion
#
# for the data part:
#
#    0                   1                   2                   3
#    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
#   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
#0  |                          clockstamp                           | Header
#   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
#1  |          clockstamp           |          FIFO depth           |
#   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
#2  |                          ATM header                           |
#   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
#3  |                           LLC/SNAP                            |
#   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
#4  |                           LLC/SNAP                            |
#   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
#5  |Version|  IHL  |Type of Service|          Total Length         | IP
#   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
#6  |         Identification        |Flags|      Fragment Offset    |
#   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
#7  |  Time to Live |    Protocol   |         Header Checksum       |
#   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
#8  |                       Source Address                          |
#   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
#9  |                    Destination Address                        |
#   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
#
# option(s) or other header following; e.g., for TCP:
#
#   |          Source Port          |       Destination Port        | TCP
#   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
#   |                        Sequence Number                        |
#   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
#   |                    Acknowledgment Number                      |
#   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
#   |  Data |           |U|A|P|R|S|F|                               |
#   | Offset| Reserved  |R|C|S|S|Y|I|            Window             |
#   |       |           |G|K|H|T|N|N|                               |
#   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
#

open(infile,$ARGV[0]) || die("Can't open input file\n");
binmode(infile); # the trace is binary data
$if=$ARGV[1]; # requested interface (optional)

$tdelta=0.01;
$oldtimestamp=0;
$oldclock=0; # previous 16-bit clock value
$clock2=0; # number of 16-bit clock wrap-arounds seen so far
$tpcount=0; # running packet counter

# read the 512-byte block header
while(read(infile,$record,512)){
    $cflag=vec($record,0,16); #non-byte-swapped clock if -1
    $cellcount=vec($record,2,8)*256+vec($record,3,8);
    $interface=vec($record,4,8)*256+vec($record,5,8);
    #printf stderr "$interface\t$cellcount\n";
    # Start reading in entries
    for ($lccnt = 1; $lccnt <= 17408; $lccnt++) {
        read(infile,$record,60) || exit;
        if($lccnt > $cellcount){next;} # padding beyond the usable cell count
        if(($if ne "") && ($if != $interface)){next;}
        $tpcount++;

        if($cflag == 0xffff) {
            $ts1= vec($record,3,8); $ts2= vec($record,2,8);
        }else{
            $ts1= vec($record,4,8); $ts2= vec($record,5,8);
        }
        $clock=($ts1<<8)+$ts2;
        if($clock < $oldclock){$clock2++;} # 16-bit clock wrapped around
        $oldclock=$clock;
        $timestamp=(($clock2*65536)+$clock)*0.00000004;

        # first byte of the LLC/SNAP type field is 0x08: IP packet
        if(vec($record,18,8) == 0x08){
            $src = vec($record,8,32);
            $dst = vec($record,9,32);
            $src1 = vec($record,32,8);
            $src2 = vec($record,33,8);
            $src3 = vec($record,34,8);
            $src4 = vec($record,35,8);
            $dst1 = vec($record,36,8);
            $dst2 = vec($record,37,8);
            $dst3 = vec($record,38,8);
            $dst4 = vec($record,39,8);

            $plen = vec($record,22,8)*256+vec($record,23,8); # IP total length
            $prot = vec($record,29,8);

            $ihl = (vec($record,20,8)&0xf)*4; # IP header length in bytes
            $sport = vec($record,$ihl+20,8)*256+vec($record,$ihl+21,8);
            $dport = vec($record,$ihl+22,8)*256+vec($record,$ihl+23,8);
            #1 (0x01) ICMP protocol
            #2 (0x02) IGMP protocol
            #4 (0x04) IP over IP
            #6 (0x06) TCP protocol
            #17 (0x11) UDP protocol
            #41 (0x29) IPv6 protocol
            if (($prot == 2) || ($prot == 4) || ($prot == 6) || ($prot == 17) || ($prot == 41)) {
                printf "%d\t%d\t%.8f\t%.8f\t%d.%d.%d.%d\t%d.%d.%d.%d\t%d\t%d\t%d\t%d\n",
                    $interface,$tpcount,$timestamp,$timestamp-$oldtimestamp,
                    $src1,$src2,$src3,$src4,
                    $dst1,$dst2,$dst3,$dst4,
                    $plen,$prot,$sport,$dport;
            } # if $prot
            #if(($timestamp > ($oldtimestamp+$tdelta)) || ($timestamp < $oldtimestamp)){
            #printf stderr "Time delta: $oldtimestamp $timestamp (%s)\n",
            #$timestamp-$oldtimestamp;
            #}
            $oldtimestamp=$timestamp;

        #}else{
            #$nippcount++;
            #printf"%d\t%d\t%.8f\t%.8f\t",$interface,$tpcount,$timestamp,$timestamp-$oldtimestamp;
            #for ($j= 0; $j<=19; $j++){printf"%2x ",vec($record,$j,8);}
            #printf"\n\t\t\t\t\t\t";
            #for ($j=20; $j<=39; $j++){printf"%2x ",vec($record,$j,8);}
            #printf"\n\t\t\t\t\t\t";
            #for ($j=40; $j<=59; $j++){printf"%2x ",vec($record,$j,8);}
            #printf"\n\n";
        }
    }
}
So please help me in finding the code to trace packets in Java.
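
An added example, not part of the original post: a Java reader for the block layout described in the Perl script's comments that tallies the IP Total Length field and prints each size with its count and empirical probability. The class and method names and the in-memory sample trace are constructed for illustration; unlike the Perl script, it counts every IP cell rather than filtering by protocol or interface, and it skips cells whose IP header fields are inconsistent.

```java
import java.io.*;
import java.util.*;

public class PacketSizeDistribution {
    static final int HEADER = 512, CELL = 60, CELLS_PER_BLOCK = 17408;

    // Count IP Total Length values, block by block, in the layout the post describes.
    static SortedMap<Integer, Long> countSizes(InputStream raw) throws IOException {
        DataInputStream in = new DataInputStream(new BufferedInputStream(raw));
        SortedMap<Integer, Long> counts = new TreeMap<>();
        byte[] header = new byte[HEADER], cell = new byte[CELL];
        try {
            while (true) {
                in.readFully(header);
                int usable = u16(header, 2);              // bytes 2/3: usable cell count
                for (int i = 1; i <= CELLS_PER_BLOCK; i++) {
                    in.readFully(cell);
                    if (i > usable || (cell[18] & 0xff) != 0x08) continue; // padding or non-IP
                    int ihl = (cell[20] & 0x0f) * 4, len = u16(cell, 22);
                    if (ihl >= 20 && len >= ihl) counts.merge(len, 1L, Long::sum); // skip malformed
                }
            }
        } catch (EOFException endOfTrace) { return counts; } // end of file, possibly mid-block
    }

    static int u16(byte[] b, int off) { return ((b[off] & 0xff) << 8) | (b[off + 1] & 0xff); }

    // Empirical probability: (number of packets of that size) / (total number of packets).
    static SortedMap<Integer, Double> probabilities(SortedMap<Integer, Long> counts) {
        long total = counts.values().stream().mapToLong(Long::longValue).sum();
        SortedMap<Integer, Double> p = new TreeMap<>();
        counts.forEach((size, n) -> p.put(size, (double) n / total));
        return p;
    }

    // Constructed sample: one block whose first four cells are IP packets of these sizes.
    static InputStream constructedTrace() {
        int[] sizes = {40, 40, 1500, 576};
        byte[] t = new byte[HEADER + CELLS_PER_BLOCK * CELL];
        t[3] = (byte) sizes.length;                       // usable cell count (low byte)
        for (int i = 0; i < sizes.length; i++) {
            int o = HEADER + i * CELL; t[o + 18] = 0x08; t[o + 20] = 0x45;
            t[o + 22] = (byte) (sizes[i] >> 8); t[o + 23] = (byte) sizes[i];
        }
        return new ByteArrayInputStream(t);
    }

    public static void main(String[] args) throws IOException {
        SortedMap<Integer, Long> counts =
            countSizes(args.length > 0 ? new FileInputStream(args[0]) : constructedTrace());
        probabilities(counts).forEach((size, p) ->
            System.out.printf("%d\t%d\t%.6f%n", size, counts.get(size), p));
    }
}
```

Run with a trace file path as the only argument, or with no argument to use the constructed sample; the tab-separated output (size, count, probability) can be fed directly to a plotting tool.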

 