
analyzing the packet size distribution from a publicly available packet trace

baaru so
Greenhorn

Joined: Apr 02, 2008
Posts: 25
Hi,

Can anyone tell me how to analyze the packet size distribution of a packet trace which we got from a publicly available network, using Java and any other language for visualization? I have the packet size distribution, but I'm a little bit confused about how to do the distribution process.

The main criterion is to find the empirical probability, that is:

(frequency of the packet)/(total number of packets)

i.e., (the number of packets of that size)/(total number of packets)

Does anyone have any idea regarding this one?

Here I have the Perl code for converting the data into ASCII format:


#! /usr/local/bin/perl

# input file format:
#
# 512 byte header
# 17408*60 bytes data
# 512 byte header
# 17408*60 bytes data
# . . . .
#
# bytes 2/3 in the headers contain the usable cell count for the data portion
# bytes 4/5 contain the interface number for the data portion
#
# for the data part:
#
# 0 1 2 3
# 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
# +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
#0 | clockstamp | Header
# +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
#1 | clockstamp | FIFO depth |
# +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
#2 | ATM header |
# +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
#3 | LLC/SNAP |
# +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
#4 | LLC/SNAP |
# +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
#5 |Version| IHL |Type of Service| Total Length | IP
# +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
#6 | Identification |Flags| Fragment Offset |
# +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
#7 | Time to Live | Protocol | Header Checksum |
# +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
#8 | Source Address |
# +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
#9 | Destination Address |
# +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
#
# option(s) or other header following; e.g., for TCP:
#
# | Source Port | Destination Port | TCP
# +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
# | Sequence Number |
# +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
# | Acknowledgment Number |
# +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
# | Data | |U|A|P|R|S|F| |
# | Offset| Reserved |R|C|S|S|Y|I| Window |
# | | |G|K|H|T|N|N| |
# +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
#

open(infile,$ARGV[0]) || die("Can't open input file\n");
binmode(infile); # the trace is binary; avoid newline translation on some platforms
$if=$ARGV[1]; # requested interface

$tdelta=0.01;
$oldtimestamp=0;

# read each 512-byte block header
while(read(infile,$record,512)){
    $cflag=vec($record,0,16); #non-byte-swapped clock if -1
    $cellcount=vec($record,2,8)*256+vec($record,3,8);
    $interface=vec($record,4,8)*256+vec($record,5,8);
    #printf stderr "$interface\t$cellcount\n";
    # Start reading in entries
    for ($lccnt = 1; $lccnt <= 17408; $lccnt++) {
        read(infile,$record,60) || exit;
        if($lccnt > $cellcount){next;}
        if(($if ne "") && ($if != $interface)){next;}
        $tpcount++;

        # 16-bit clock value; byte positions depend on the clock flag
        if($cflag == 0xffff) {
            $ts1= vec($record,3,8); $ts2= vec($record,2,8);
        }else{
            $ts1= vec($record,4,8); $ts2= vec($record,5,8);
        }
        $clock=($ts1<<8)+$ts2;
        if($clock < $oldclock){$clock2++;} # count 16-bit clock wraparounds
        $oldclock=$clock;
        $timestamp=(($clock2*65536)+$clock)*0.00000004;

        # byte 18 of the record is the high byte of the LLC/SNAP type field
        if(vec($record,18,8) == 0x08){
            $src = vec($record,8,32);
            $dst = vec($record,9,32);
            $src1 = vec($record,32,8);
            $src2 = vec($record,33,8);
            $src3 = vec($record,34,8);
            $src4 = vec($record,35,8);
            $dst1 = vec($record,36,8);
            $dst2 = vec($record,37,8);
            $dst3 = vec($record,38,8);
            $dst4 = vec($record,39,8);

            # IP Total Length (bytes 22/23) and Protocol (byte 29)
            $plen = vec($record,22,8)*256+vec($record,23,8);
            $prot = vec($record,29,8);

            # IP header length in bytes; the ports follow the IP header
            $ihl = (vec($record,20,8)&0xf)*4;
            $sport = vec($record,$ihl+20,8)*256+vec($record,$ihl+21,8);
            $dport = vec($record,$ihl+22,8)*256+vec($record,$ihl+23,8);
            #1 (0x01) ICMP protocol
            #2 (0x02) IGMP protocol
            #4 (0x04) IP over IP
            #6 (0x06) TCP protocol
            #17 (0x11) UDP protocol
            #41 (0x29) IPv6 protocol
            if (($prot == 2) || ($prot == 4) || ($prot == 6) || ($prot == 17) ||($prot == 41) ) {
                printf"%d\t%d\t%.8f\t%.8f\t%d.%d.%d.%d\t%d.%d.%d.%d\t%d\t%d\t%d\t%d\n",
                    $interface,$tpcount,$timestamp,$timestamp-$oldtimestamp,
                    $src1,$src2,$src3,$src4,
                    $dst1,$dst2,$dst3,$dst4,
                    $plen,$prot,$sport,$dport;
            } # if $prot
            #if(($timestamp > ($oldtimestamp+$tdelta)) || ($timestamp < $oldtimestamp)){
            #printf stderr "Time delta: $oldtimestamp $timestamp (%s)\n",
            #$timestamp-$oldtimestamp;
            #}
            $oldtimestamp=$timestamp;

        #}else{
            #$nippcount++;
            #printf"%d\t%d\t%.8f\t%.8f\t",$interface,$tpcount,$timestamp,$timestamp-$oldtimestamp;
            #for ($j= 0; $j<=19; $j++){printf"%2x ",vec($record,$j,8);}
            #printf"\n\t\t\t\t\t\t";
            #for ($j=20; $j<=39; $j++){printf"%2x ",vec($record,$j,8);}
            #printf"\n\t\t\t\t\t\t";
            #for ($j=40; $j<=59; $j++){printf"%2x ",vec($record,$j,8);}
            #printf"\n\n";
        }
    }
}
So please help me in finding the code to trace packets in Java.
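
An added example, not part of the original post: one way to compute the empirical probability described above from the Perl script's tab-separated output, where the packet length (`$plen`) is the ninth column of the `printf`. The class name and the sample rows are constructed for illustration; the cumulative column goes slightly beyond what the post asks for and is handy when plotting.

```java
import java.io.*;
import java.nio.file.*;
import java.util.*;

public class PacketSizeDistribution {
    // Column order follows the printf in the Perl script:
    // interface, count, timestamp, delta, src, dst, plen, prot, sport, dport
    static final int PLEN_COLUMN = 8;

    /** Counts how many packets were seen for each IP total length. */
    static SortedMap<Integer, Long> countSizes(BufferedReader in) throws IOException {
        SortedMap<Integer, Long> counts = new TreeMap<>();
        String line;
        while ((line = in.readLine()) != null) {
            String[] f = line.split("\t");
            if (f.length <= PLEN_COLUMN) continue; // blank or truncated line
            try {
                counts.merge(Integer.parseInt(f[PLEN_COLUMN].trim()), 1L, Long::sum);
            } catch (NumberFormatException e) {
                // not a data row (for example stray debug output); skip it
            }
        }
        return counts;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample rows, used only when no input file is given.
        String sample =
              "1\t1\t0.00000100\t0.00000100\t192.0.2.1\t192.0.2.2\t40\t6\t1025\t80\n"
            + "1\t2\t0.00000200\t0.00000100\t192.0.2.2\t192.0.2.1\t1500\t6\t80\t1025\n"
            + "1\t3\t0.00000300\t0.00000100\t192.0.2.1\t192.0.2.2\t40\t6\t1025\t80\n"
            + "1\t4\t0.00000400\t0.00000100\t192.0.2.3\t192.0.2.4\t576\t17\t53\t4000\n";
        try (BufferedReader in = args.length > 0
                ? Files.newBufferedReader(Paths.get(args[0]))
                : new BufferedReader(new StringReader(sample))) {
            SortedMap<Integer, Long> counts = countSizes(in);
            long total = counts.values().stream().mapToLong(Long::longValue).sum();
            if (total == 0) { System.err.println("no packets found"); return; }
            System.out.println("size\tcount\tprobability\tcumulative");
            double cumulative = 0;
            for (Map.Entry<Integer, Long> e : counts.entrySet()) {
                double p = (double) e.getValue() / total; // count of this size / total packets
                cumulative += p;
                System.out.printf(Locale.ROOT, "%d\t%d\t%.6f\t%.6f%n",
                        e.getKey(), e.getValue(), p, cumulative);
            }
        }
    }
}
```

The output is itself tab-separated, so it can be loaded into a spreadsheet or plotting tool for the visualization step.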

 