TracesPlay - fast and simple way to access network data

The TracesPlay program reads network measurements (traces) in several formats, such as PCAP or ERF (from DAG cards).
It is written without pcap or any other library, which facilitates porting between platforms. It is implemented as a C++ library, a command line application and a Matlab library.

In order to use TracesPlay as a MATLAB library just download the library:

Examples of using TracesPlay as a Matlab library.

Queue analysis

To compute the queue behaviour properly you need each packet's arrival time and length. To read this information, use

[Data] = TracesPlay('-o HEADER.timeS HEADER.timeUs Pi.Len -r test.pcap');

Attacks

Terry Brugger, in "Data Mining Methods for Network Intrusion Detection", summarised numerous intrusion detection algorithms. The fields they most commonly use are timestamp, source IP, destination IP, source port, destination port and the protocol type. All of those fields can be read with the command

Data = TracesPlay('-o HEADER.timeS HEADER.timeUs IP.src IP.dst TCP.spo TCP.dpo IP.pro -i test.pcap')

for TCP

Data = TracesPlay('-o HEADER.timeS HEADER.timeUs IP.src IP.dst UDP.src UDP.dst IP.pro -i test.pcap')

for UDP
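
As an added example (not part of TracesPlay or of the original page), the script below shows how the fields read by the TCP command above can feed a simple detection feature: the number of distinct destination IP and port pairs one source contacts within a short time window. It assumes Data is an N-by-7 numeric matrix whose columns follow the -o field order, with IP addresses as integers; the function name fanout_sources, the thresholds and the sample rows are constructed for illustration.

```matlab
% Added example, not TracesPlay code. Assumed column order (from -o):
% [timeS timeUs IP.src IP.dst TCP.spo TCP.dpo IP.pro], IPs as integers.
% Constructed sample rows standing in for TracesPlay output.
Data = [ ...
    100 100000 167772161 167772417 40000  21 6; ...
    100 300000 167772161 167772417 40001  22 6; ...
    100 500000 167772161 167772417 40002  23 6; ...
    100 700000 167772161 167772417 40003  25 6; ...
    100 900000 167772161 167772417 40004  80 6; ...
    100 200000 167772162 167772417 51000 443 6; ...
    103      0 167772162 167772417 51001 443 6; ...
    107 500000 167772162 167772417 51002 443 6];

% Flag sources touching more than 4 distinct targets within 2 seconds.
flagged = fanout_sources(Data, 2.0, 4);
fprintf('sources over threshold: %s\n', mat2str(flagged.'));

function flagged = fanout_sources(Data, window, maxTargets)
% Returns the source IPs that contact more than maxTargets distinct
% (destination IP, destination port) pairs within any `window` seconds.
    Data = Data(Data(:,7) == 6, :);        % keep TCP only (IP.pro == 6)
    t = Data(:,1) + Data(:,2) * 1e-6;      % seconds + microseconds
    [t, order] = sort(t);                  % traces may be unordered
    Data = Data(order, :);
    flagged = [];
    for s = unique(Data(:,3)).'
        rows = find(Data(:,3) == s);
        ts = t(rows);
        targets = Data(rows, [4 6]);       % IP.dst and TCP.dpo
        lo = 1;
        for hi = 1:numel(rows)
            % Slide the window start forward until it spans <= window s.
            while ts(hi) - ts(lo) > window
                lo = lo + 1;
            end
            n = size(unique(targets(lo:hi, :), 'rows'), 1);
            if n > maxTargets
                flagged(end+1, 1) = s; %#ok<AGROW>
                break
            end
        end
    end
end
```

Replace the constructed matrix with the output of the TracesPlay call once you have confirmed how your version returns the columns.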

More information and the files that you have to download are on the project webpage http://tracesplay.sourceforge.net/index.html