fieldNames=[fieldNames 'TCPSeqNumber'];
end
tv=get(handles.TCPAckNumber,'Value');
if (tv==1)
TCPAckNumber=zeros(nPkts,4);
bitfield(19)=1;
nFields=nFields+1;
fieldNames=[fieldNames 'TCPAckNumber'];
end
tv=get(handles.TCPHdrLength,'Value');
if (tv==1)
TCPHdrLength=zeros(nPkts,1);
bitfield(20)=1;
nFields=nFields+1;
fieldNames=[fieldNames 'TCPHdrLength'];
end
tv=get(handles.TCPFlags,'Value');
if (tv==1)
TCPFlags=zeros(nPkts,1);
bitfield(21)=1;
nFields=nFields+1;
fieldNames=[fieldNames 'TCPFlags'];
end
tv=get(handles.TCPWindowSize,'Value');
if (tv==1)
TCPWindowSize=zeros(nPkts,2);
bitfield(22)=1;
nFields=nFields+1;
fieldNames=[fieldNames 'TCPWindowSize'];
end
tv=get(handles.TCPChecksum,'Value');
if (tv==1)
TCPChecksum=zeros(nPkts,2);
bitfield(23)=1;
nFields=nFields+1;
fieldNames=[fieldNames 'TCPChecksum'];
end
tv=get(handles.TCPSeqAck,'Value');
if (tv==1)
TCPSeqAck=zeros(nPkts,2);
bitfield(24)=1;
nFields=nFields+1;
fieldNames=[fieldNames 'TCPSeqAck'];
end
% UDP Fields
tv=get(handles.UDPSourcePort,'Value');
if (tv==1)
UDPSourcePort=zeros(nPkts,2);
bitfield(25)=1;
nFields=nFields+1;
fieldNames=[fieldNames 'UDPSourcePort'];
end
tv=get(handles.UDPDestPort,'Value');
if (tv==1)
UDPDestPort=zeros(nPkts,2);
bitfield(26)=1;
nFields=nFields+1;
fieldNames=[fieldNames 'UDPDestPort'];
end
tv=get(handles.UDPLength,'Value');
if (tv==1)
UDPLength=zeros(nPkts,2);
bitfield(27)=1;
nFields=nFields+1;
fieldNames=[fieldNames 'UDPLength'];
end
tv=get(handles.UDPChecksum,'Value');
if (tv==1)
UDPChecksum=zeros(nPkts,2);
bitfield(28)=1;
nFields=nFields+1;
fieldNames=[fieldNames 'UDPChecksum'];
end
fieldArray = zeros(nPkts,nFields);
%% Read data packets
% Ethereal Header with timestamp is first 16 bytes. Timestamp is in first
% 7 bytes.
% MAC Header is 14 bytes
% IP Header has IP+Data length field in bytes 3&4
for i=1:nPkts
lostSync=0;
ethHdr=fread(fid,16,'uchar'); % Read Ethereal Header
ts(i,:) = ethHdr(1:7)'; % Save timestamp bytes
macHdr = fread(fid,14,'uchar'); % Read MAC Header
% macType = macHdr(13)*256 + macHdr(14);
ipHdr = fread(fid,20,'uchar');
len(i) = ipHdr(3)*256+ipHdr(4); % Calculate packet length
protocol(i) = ipHdr(10); % Check if protocol is TCP or UDP
if (protocol(i)==6)
tcpHdr = fread(fid,20,'uchar');
fseek(fid,-20,'cof');
elseif (protocol(i)==17)
udpHdr = fread(fid,8,'uchar');
fseek(fid,-8,'cof');
end
% Make sure IP address is correct, otherwise sync has been lost
for (j=1:4)
if (ipHdr(j+12)~=IP(j))
if (ipHdr(j+16)~=IP(j))
lostSync=1;
disp('Damaged File - Attempting To Repair Packet ');
disp(i);
end
end
end
% Search for the IP address in the file
while (lostSync==1)
testIP = fread(fid,4,'uchar');
foundIP=0;
for (j=1:4) % test all 4 bytes and make sure they match the IP address
if testIP(j)==IP(j)
foundIP=foundIP+1;
end
end
if (foundIP==4) % if the address is found, rewind to first IP byte, which should be 0x45
lostSync=0;
fseek(fid,-16,'cof'); % Don't know if you're rewinding from source or dest IP address
if (fread(fid,1,'uchar')~=69) % so test both cases
fseek(fid,-5,'cof');
if (fread(fid,1,'uchar')~=69)
lostSync=1; % if you don't find 0x45 your sync is still lost
fseek(fid,20,'cof') % advance to front and keep searching
end
end
if (lostSync==0) % if sync is found, recalc length and advance to end of IP packet
lenBytes=fread(fid,3,'uchar');
len(i)=256*lenBytes(2)+lenBytes(3);
fseek(fid,16,'cof');
%% Also go back and recalc time stamp
fseek(fid,-50,'cof');
ts(i,:)=fread(fid,7,'uchar');
fseek(fid,43,'cof');
end
else
fseek(fid,-3,'cof'); % if you didn't find IP, rewind 3 bytes and go to top of while loop
end
end
% Store the selected attributes in their arrays
if (protocol(i)==6)
tempArray = storeFields(bitfield,i,macHdr,ipHdr,tcpHdr);
elseif (protocol==17)
tempArray = storeFields(bitfield,i,macHdr,ipHdr,udpHdr);
end
fieldArray(i,:) = tempArray;
fseek(fid,-20,'cof'); % Rewind to start of IP packet
fseek(fid,len(i),'cof'); % Forward to start of next Ethereal packet
end
%% Calculate timestamps
tPkt=zeros(nPkts,1);
for (i=1:nPkts)
tPkt(i)=(ts(i,5) + ts(i,6)*256 + ts(i,7)*256*256)/1000000 + ts(i,1) + ts(i,2)*256 + ts(i,3)*256*256 + ts(i,4)*256*256*256;
end
tPkt=tPkt-tPkt(1);
%% Make final data source
source = [tPkt len];
z=diff(source(:,1));
source2=[source(1:end-1,1) z];
len2=[source(1:end-1,1) len(1:end-1)];
assignin('base','lenArray',len2);
assignin('base','sourceArray',source2);
assignin('base','fieldArray',fieldArray);
fclose(fid);
% --- Executes on button press in pbExit.
function pbExit_Callback(hObject, eventdata, handles)
% Exit button callback: closes the GUI by deleting its figure.
%   hObject   - handle to pbExit (see GCBO); not used here
%   eventdata - reserved by MATLAB; not used here
%   handles   - structure with handles and user data (see GUIDATA);
%               handles.figure1 is the figure that gets deleted
mainFigure = handles.figure1;
delete(mainFigure);
%% Write selected fields into arrays
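function array=storeFields(bf,i,macHdr,ipHdr,layer4Hdr)
% STOREFIELDS  Pack the selected header fields of one packet into a row vector.
%   bf        - selection vector; bf(k)==1 selects field k (k = 1..28)
%   i         - packet index; kept for the existing call sites, not used here
%   macHdr    - MAC header bytes (14 are indexed)
%   ipHdr     - IP header bytes (20 are indexed)
%   layer4Hdr - TCP or UDP header bytes; the visible caller passes 20 bytes
%               for TCP and 8 bytes for UDP
%   array     - 1-by-N row holding one big-endian value per selected field,
%               in ascending field order (N = number of selected fields)
%
% The header vectors hold bytes read straight from the capture file, and the
% visible caller does not check how many bytes fread returned. A truncated
% file, or an 8-byte UDP header combined with a selected TCP field, would
% therefore index past the end of a vector. Such fields are stored as NaN
% so the row keeps its width and the gap is visible in the output.
% With no field selected the result is an empty 1-by-0 row rather than an
% unassigned output.

% One row per field k: [header, firstByte, byteCount]
%   header 1 = macHdr, 2 = ipHdr, 3 = layer4Hdr
spec = [ ...
    1  1 6; ...  % bf(1)  MAC bytes 1-6
    1  7 6; ...  % bf(2)  MAC bytes 7-12
    1 13 2; ...  % bf(3)  MAC bytes 13-14
    2  1 1; ...  % bf(4)  IP byte 1
    2  1 1; ...  % bf(5)  IP byte 1 again
    2  2 1; ...  % bf(6)  IP byte 2
    2  3 2; ...  % bf(7)  IP bytes 3-4
    2  5 2; ...  % bf(8)  IP bytes 5-6
    2  7 1; ...  % bf(9)  IP byte 7
    2  8 1; ...  % bf(10) IP byte 8
    2  9 1; ...  % bf(11) IP byte 9
    2 10 1; ...  % bf(12) IP byte 10
    2 11 2; ...  % bf(13) IP bytes 11-12
    2 13 4; ...  % bf(14) IP bytes 13-16
    2 17 4; ...  % bf(15) IP bytes 17-20
    3  1 2; ...  % bf(16) TCP bytes 1-2
    3  3 2; ...  % bf(17) TCP bytes 3-4
    3  5 4; ...  % bf(18) TCP bytes 5-8
    3  9 4; ...  % bf(19) TCP bytes 9-12   (TCPAckNumber)
    3 13 1; ...  % bf(20) TCP byte 13      (TCPHdrLength)
    3 14 1; ...  % bf(21) TCP byte 14      (TCPFlags)
    3 15 2; ...  % bf(22) TCP bytes 15-16  (TCPWindowSize)
    3 17 2; ...  % bf(23) TCP bytes 17-18  (TCPChecksum)
    3 19 2; ...  % bf(24) TCP bytes 19-20  (TCPSeqAck)
    3  1 2; ...  % bf(25) UDP bytes 1-2    (UDPSourcePort)
    3  3 2; ...  % bf(26) UDP bytes 3-4    (UDPDestPort)
    3  5 2; ...  % bf(27) UDP bytes 5-6    (UDPLength)
    3  7 2];     % bf(28) UDP bytes 7-8    (UDPChecksum)
% NOTE(review): bf(4) and bf(5) both copy the whole first IP byte. If they
% are meant to be the version and the header length, the nibble split is
% missing - confirm against the field list before changing it.
% NOTE(review): bf(20) stores TCP byte 13 unmasked; in a standard TCP header
% the data offset is only the upper four bits of that byte - confirm intent.
% NOTE(review): the TCP rows (16-24) and UDP rows (25-28) are applied to
% layer4Hdr without looking at the protocol byte ipHdr(10), so a UDP field
% selected for a TCP packet is filled from TCP bytes. Consider gating on
% the protocol.

nSpec = size(spec,1);
array = zeros(1, nnz(bf(1:nSpec)==1));   % fixed width, defined even when empty
col = 1;
for k = 1:nSpec
    if bf(k) ~= 1
        continue;
    end
    switch spec(k,1)
        case 1
            hdr = macHdr;
        case 2
            hdr = ipHdr;
        otherwise
            hdr = layer4Hdr;
    end
    firstByte = spec(k,2);
    lastByte  = firstByte + spec(k,3) - 1;
    if numel(hdr) < lastByte
        % Header is shorter than this field needs: mark it instead of
        % raising an index error part-way through the capture.
        value = NaN;
    else
        % Big-endian accumulation; double() keeps the arithmetic exact
        % should a caller pass an integer-class vector.
        value = 0;
        for b = firstByte:lastByte
            value = value*256 + double(hdr(b));
        end
    end
    array(col) = value;
    col = col + 1;
end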