• Suported Protocol Fields
  • MATLAB Library
  • Command Line Application
  • General Description
  • TracesPlay Parameters
  • Supported and Force-type Format
  • Output Filter Rules
  • Range Parameters
  • C++ Library New (v. 0.2)

MATLAB Library


First you need to download necessary files which you can find Fast Start section

In general ther are two ways of using TracesPlay in MATLAB.
The first is
[Data] = TracesPlay(command);
where command is a string which form is described in General Descripiton section.
The second way is
[Data] = TracesPlay(option1, parameter1, parameter2, ..., parameterN, option2, parameter1, ..., parameterM, ...);
where all option and parameter variables are strings. Parameters following an option are specific for the option. The detailed descripiton of existing options and parameters is given in General Descripiton section.

Comand Line Application


For command line application you use
TracesPlay command -c file_name
where TracesPlay is a compiled application, command is described in details in General Descripiton section and file_name is a cvs file name.

General Description


For both MATLAB and command line application a command string has to be specified. In this section detailed description of command construction is given.
The command string is
option1 parameter1 parameter2 ... parameterN option2 parameter1 ... parameterM ...
where option list is given here. Parameters following an option are option dependent.

List of the Most Important Parameters


-o set what type of field from protocol shall be output data. The supported fields are given here
-r (file name) - files name that shall be analyzed


Full List of TracesPlay Parameters


-o set what fields' type are read. The supported fields are given here
-r (file name) files name that shall be analyzed
-n analyzed packet range. The range parameters are given here
-w (file_name) write date to file in csv format (not supported in matlab)
-version display program compile date
-a always give date, even if they wasn't all filed in data
-c write header to file
-m check memmory block size
-h display short help
-s print on screen basic info (default disable in MATLAB function)
-ss print on screen protocol information (value of protocol fields)
-test execut small test to check memory size and other important parameters
-f enable filter. The filter parameters are given here
-e enable showing error comunicate
-u (in_format) (force_format) force payload type (in_format) as protocol (force_format)
now avaliable only: RTP, NETFLOW for UDP payload
-setLisner New (v. 0.2) !!Only for MATLAB !! allow to run own matlab function from TracesPlay. Example of use is here

Supported Formats and Force-type Format


TracesPlay is able to read formats PCAP, ERF, TSH, FR and FR+ also Snoop v2 (for ver 0.1.3)
Program have simple algorytm to auto recognize format type and simple metod to force-type format we need enter format type after file name:
-r (file_name) (format_type) ((file_name) (format_type)... )
where format_type can be:
pcap for PCAP format
cap for PCAP format
erf for ERF format
tsh for TSH format
fr for FR format
clr for CLR format
snoop for Snoop v2 format
lc for Live caputre data from network device. It need TracesPlay version that work with PCAP library New (v. 0.2)
h264 for H264 stream stored in file with out extra stream New (v. 0.2)
Some example of use:
-r traces1.pcap pcap traces2.erf erf

Filter parameters

will be added

Range parameters

Range is defined by
-n start end
where start is the first analysed packet position and end is the last analysed packet position.
-1 means the first or the last packet for start and end respectively.
-n -1 100
reads first 100 packets
-n 101 200
reads packets from 101 to 200
-n 500 -1
reads packets from 500 to the last one.

Supported Protocol Fields


Heare are describe only most used protocol frame, for more protocol detail fields specification. Full list of supported protocol fileds can be find here


PCAP
All possible value are defined in Packet Information.

ERF
ERF.flags ERF.type ERF.lctrcolor

TSH
All possible value are defined in Packet Information.

FR+
All possible value are defined in Packet Information.

FR
All possible value are defined in Packet Information.

SNOOP
All possible value are defined in Packet Information.


Ethernet
1-6 octet 7-12 13-14
"ETH.src"
MAC destination adddress
"ETH.dst"
MAC source adddress
"ETH.typ"
Ethertype/Length


802.1q
802.1Q.UserPriority 802.1Q.CFI 802.1Q.VLANId 802.1Q.Type

802.11
802.11.fc 802.11.fc.pro_ver 802.11.fc.type 802.11.fc.subtype 802.11.fc.to_ds 802.11.fc.from_ds 802.11.fc.moreflag 802.11.fc.retry 802.11.fc.power_mgt 802.11.fc.more_data 802.11.fc.wep 802.11.fc.order 802.11.duration_id 802.11.address1 802.11.address2 802.11.address3 802.11.address4 802.11.da 802.11.sa 802.11.ra 802.11.ta 802.11.bssid 802.11.bar_control 802.11.block_ack 802.11.block_ack_bitmap 802.11.seq_control 802.11.qos_control 802.11.seq_control 802.11.fra_control

Radio Tap
RADIOTAP.version RADIOTAP.pad RADIOTAP.len RADIOTAP.present RADIOTAP.mactime RADIOTAP.flags RADIOTAP.datarate RADIOTAP.channal_requency RADIOTAP.channal_flags RADIOTAP.hop_set RADIOTAP.hop_pattern RADIOTAP.dbm_ant_signal RADIOTAP.dbm_ant_noise RADIOTAP.lock_quality RADIOTAP.tx_attenuation RADIOTAP.db_tx_attenuation RADIOTAP.dbm_tx_power RADIOTAP.anntenna RADIOTAP.db_ant_signal RADIOTAP.db_ant_noise RADIOTAP.channal_plus

ATM
ATM.gcv ATM.vpi ATM.vci ATM.pt ATM.clp

ARP
ARP.hwType ARP.proType ARP.hwSize ARP.proSize ARP.opcode ARP.senderHw ARP.senderPro ARP.targetHw ARP.targetPro

IP v4
0-3 4-7 8-15 16-18 19-23 24-31
"IP.ver"
Version
"IP.hlen"
IHL
"IP.tos"
Type of Service
"IP.len"
Total Length
"IP.id"
Identification
Flags "IP.off"
Fragment Offset
"IP.ttl""
Time to Live
"IP.pro"
Protocol
Mb>"IP.checkSum"
Header Checksum
"IP.src"
Source Address
"IP.dst"
Destination Address
Options Padding


IP v6
0 - 3 4 - 11 12 - 15 16 - 23 24 - 31
"IPv6.ver"
Version
"IPv6.trclass"
Traffic Class
"IPv6.flabel"
Flow Label
"IPv6.payloadLenght"
Payload Length
"IPv6.nextHeader"
Next Header
"IPv6.hopLimit"
Hop Limit
"IPv6.srcAddr"
Source Address
"IPv6.dstAddr"
Destination Address


ICMP
160 - 167 168 - 175 176 - 183 184 - 191
"ICMP.typ"
Type
"ICMP.cod"
Code

Checksum
"ICMP.id"
ID
"ICMP.sec"
Sequence

Also ICMP avaliable filed are: "ICMP.ts" "ICMP.tr" "ICMP.tt"


TCP
0-3 4-7 8-15 16-23 24-31
"TCP.spo"
Source Port
"TCP.dpo"
Destination Port
"TCP.seq"
Sequence Number
"TCP.ack"
Acknowledgment Number
"TCP.dat"
Data offset
Reserved "TCP.fla"
Flags (description)
"TCP.win"
Window
Checksum Urgent Pointer
Options Padding

data


TCP.flag
TCP.flag can be shared as bit fields
bit 8 bit 7 bit 6 bit 5 bit 4 bit 3 bit 2 bit 1
TCP.fla.emp1 TCP.fla.emp2 TCP.fla.urg
URG
TCP.fla.ack
ACK
TCP.fla.eol
PSH
TCP.fla.rst
RST
TCP.fla.syn
SYN
TCP.fla.fin
FIN


UDP
0-15 16-31
"UDP.spo"
Source Port
"UDP.dpo"
Destination Port
"UDP.len"
Length
"UDP.checkSum"
Checksum

"UDP.payload"
data octets


Also extra fileds for UDP are avaliable:
UDP.dataLen - data lenght

IGMP
IGMP.version IGMP.type IGMP.max_resp_time IGMP.checksum IGMP.group_addr IGMP.MQ.s_flag IGMP.MQ.qrv IGMP.MQ.qqic IGMP.nr_of_sources IGMP.source_address IGMP.MR.nr_of_groups IGMP.MR.record_type IGMP.MR.aux_data_len IGMP.MR.multicast_addr

RGMP
RGMP.type RGMP.checksum RGMP.group_addr

DHCP
DHCP.msg_type DHCP.hrw_type DHCP.hrw_len DHCP.hrw_ops DHCP.tra_id DHCP.sec_elapsed DHCP.bootp_flags DHCP.c_ip DHCP.your_c_ip DHCP.next_s_ip DHCP.relay_agent_ip DHCP.c_hrw_add DHCP.opt_host_name DHCP.boot_fn DHCP.option.SubnetMask DHCP.option.TimeOffset DHCP.option.Gateways DHCP.option.TimeServer DHCP.option.NameServer DHCP.option.DomainServer DHCP.option.LogServer DHCP.option.QuotesServer DHCP.option.LPRServer DHCP.option.ImpressServer DHCP.option.RLPServer DHCP.option.Hostname DHCP.option.BootFileSize DHCP.option.MeritDumpFile DHCP.option.DomainName DHCP.option.SwapServer DHCP.option.RootPath DHCP.option.ExtensionFile DHCP.option.ForwardOn/Off DHCP.option.SrcRteOn/Off DHCP.option.PolicyFilter DHCP.option.MaxDGAssembly DHCP.option.DefaultIPTTL DHCP.option.MTUTimeout DHCP.option.MTUPlateau DHCP.option.MTUInterface DHCP.option.MTUSubnet DHCP.option.BroadcastAddress DHCP.option.MaskDiscovery DHCP.option.MaskSupplier DHCP.option.RouterDiscovery DHCP.option.RouterRequest DHCP.option.StaticRoute DHCP.option.Trailers DHCP.option.ARPTimeout DHCP.option.Ethernet DHCP.option.DefaultTCPTTL DHCP.option.KeepaliveTime DHCP.option.KeepaliveData DHCP.option.NISDomain DHCP.option.NISServers DHCP.option.NTPServers DHCP.option.VendorSpecific DHCP.option.NETBIOSNameSrv DHCP.option.NETBIOSDistSrv DHCP.option.NETBIOSNoteType DHCP.option.NETBIOSScope DHCP.option.XWindowFont DHCP.option.XWindowManmager DHCP.option.AddressRequest DHCP.option.AddressTime DHCP.option.Overload DHCP.option.DHCPMsgType DHCP.option.DHCPServerId DHCP.option.ParameterList DHCP.option.DHCPMessage DHCP.option.DHCPMaxMsgSize DHCP.option.RenewalTime DHCP.option.RebindingTime DHCP.option.ClassId DHCP.option.ClientId DHCP.option.Netware/IPDomain DHCP.option.Netware/IPOption

NETFlow
NETFLOW.Version NETFLOW.Count NETFLOW.SysUptime NETFLOW.UnixSecs NETFLOW.HV1.UnicNSec NETFLOW.Version NETFLOW.Count NETFLOW.SysUptime NETFLOW.UnixSecs NETFLOW.HV5.UnicNSec NETFLOW.HV5.FlowSequence NETFLOW.HV5.EngineType NETFLOW.HV5.EngineId NETFLOW.HV5.SamplingInterval NETFLOW.Version NETFLOW.Count NETFLOW.SysUptime NETFLOW.UnixSecs NETFLOW.HV7.UnicNSec NETFLOW.HV7.FlowSequence NETFLOW.HV7.Reserved NETFLOW.Version NETFLOW.Count NETFLOW.SysUptime NETFLOW.UnixSecs NETFLOW.HV8.UnicNSec NETFLOW.HV8.FlowSequence NETFLOW.HV8.EngineType NETFLOW.HV8.EngineId NETFLOW.HV8.Aggregation NETFLOW.HV8.AggVersion NETFLOW.HV8.Reserved NETFLOW.HV9.PackageSeq NETFLOW.HV9.SourceId NETFLOW.R.SrcAddr NETFLOW.R.DstAddr NETFLOW.R.NextHop NETFLOW.R.Input NETFLOW.R.Output NETFLOW.R.Dpkts NETFLOW.R.Doctets NETFLOW.R.First NETFLOW.R.Last NETFLOW.R.SrcPort NETFLOW.R.DstPort NETFLOW.R.Pad1 NETFLOW.R.Prot NETFLOW.R.Tos NETFLOW.R.SrcAs NETFLOW.R.DstAs NETFLOW.R.SrcMask NETFLOW.R.DstMask NETFLOW.R.Flags NETFLOW.R.RouterSC NETFLOW.R.TcpFlags NETFLOW.R.Pad2 NETFLOW.R.Pad3 NETFLOW.R.Reserved NETFLOW.R.TcpFlags.empty0 NETFLOW.R.TcpFlags.empty1 NETFLOW.R.TcpFlags.urg NETFLOW.R.TcpFlags.ack NETFLOW.R.TcpFlags.eol NETFLOW.R.TcpFlags.rst NETFLOW.R.TcpFlags.syn NETFLOW.R.TcpFlags.fin NF.R9.inBytes NF.R9.inPkts NF.R9.flow NF.R9.protocol NF.R9.scrTos NF.R9.tcpFlags NF.R9.L4SrcPort NF.R9.IP.src NF.R9.srcMask NF.R9.inputSNMP NF.R9.L4.DstPort NF.R9.IP.dst NF.R9.dstMask NF.R9.outputSNMP NF.R9.ipv4NextHope NF.R9.scrAS NF.R9.dstAS NF.R9.BGPIPv4NextHope NF.R9.MulDstPkts NF.R9.MulDstBytes NF.R9.LastSwitched NF.R9.FirstSwitched NF.R9.OutBytes NF.R9.OutPkts NF.R9.MinPktLenght NF.R9.MaxPktLenght NF.R9.IPV6ScrAddr NF.R9.IPV6DstAddr NF.R9.IPV6SrcMask NF.R9.IPV6DstMask NF.R9.IPV6FlowLabel NF.R9.IcmpType NF.R9.MulIgmpType NF.R9.SamplingInterval NF.R9.SamplingAlgorithm NF.R9.FlowActiveTimeout NF.R9.FlowInactiveTimeout NF.R9.EnigneType NF.R9.EngineId NF.R9.TotalBytesExp NF.R9.TotalPktsExp NF.R9.TotalFlowExp NF.R9.IPV4SrcPrefix NF.R9.IPV4DstPrefix NF.R9.MPLSTopLabelType NF.R9.MPLSTopLabelIpAddr NF.R9.FlowSamplerId NF.R9.FlowSampledMode NF.R9.FlowSampledRandomInterval NF.R9.MinTTL NF.R9.MaxTTL NF.R9.IPV4Ident NF.R9.DstTOS NF.R9.InSrcMac NF.R9.OutDstMac NF.R9.SrcVLan NF.R9.DstVLan NF.R9.IPProtocolVersion NF.R9.Direction NF.R9.IPV6NextHope NF.R9.BGP_IPV6NextHope NF.R9.IPV6OptionHeader NF.R9.MPLSLabel1 NF.R9.MPLSLabel2 NF.R9.MPLSLabel3 NF.R9.MPLSLabel4 NF.R9.MPLSLabel5 NF.R9.MPLSLabel6 NF.R9.MPLSLabel7 NF.R9.MPLSLabel8 NF.R9.MPLSLabel9 NF.R9.MPLSLabel10 NF.R9.InDstMac NF.R9.OutSrcMac NF.R9.IfName NF.R9.IfDest NF.R9.SamplerName NF.R9.InPermanetBytes NF.R9.InPermanentPkts

LLC
LLC.dsap LLC.ssap LLC_sSeq LLC_rSeq LLC.control1

RTP
0 - 1 2 3 4 - 7 8 9 - 15 16 - 31
"RTP.version"
Ver.
"RTP.padding"
P
"RTP.extenios"
X
"RTP.csrcCount"
CC
"RTP.marker"
M
"RTP.payloadType"
PT
"RTP.seqNum"
Sequence Number
"RTP.timestamp"
Timestamp
"RTP.ssrc"
synchronization source (SSRC) identifier

contributing source (CSRC) identifiers


H264
H264.NalPayload H264.NalFBZ H264.NalNRI H264.NalType H264.fu.s H264.fu.e H264.fu.r H264.fu.type H264.don H264.aud.ppt H264.aud.tb H264.sei.lptb H264.sei.lpsb H264.sei.tb H264.sh.fbis H264.sh.slice_type H264.sh.ppsid H264.sh.cpid H264.sh.fn H264.sh.fpf H264.sh.bff H264.sh.ipid H264.sh.pocl H264.sh.dpocb H264.sh.dpoc0 H264.sh.dpoc1 H264.sh.rpc H264.sh.dsmpf H264.sh.nriaof H264.sh.nril0am1 H264.sh.nril1am1 H264.sh.pllrfl0 H264.sh.ropni_1 H264.sh.adpnm1_1 H264.sh.ltpn_1 H264.sh.pllrfl1 H264.sh.ropni_2 H264.sh.adpnm1_2 H264.sh.ltpn_2 H264.sh.cii H264.sh.sqpd H2SDP.decodedH264SPS64.sh.sfsf H264.sh.sqsd H264.sh.ddfi H264.sh.sac0od2 H264.sh.sbod2 H264.sh.sgcc

MPEG2TS
MPEG2TS.sync MPEG2TS.tei MPEG2TS.pusi MPEG2TS.tp MPEG2TS.pid MPEG2TS.tsc MPEG2TS.afc MPEG2TS.cc MPEG2TS.ADAP.len MPEG2TS.ADAP.disc MPEG2TS.ADAP.rai MPEG2TS.ADAP.espi MPEG2TS.ADAP.pcrf MPEG2TS.ADAP.opcrf MPEG2TS.ADAP.spf MPEG2TS.ADAP.TPDF MPEG2TS.ADAP.AFEF MPEG2TS.PES.sid MPEG2TS.PES.packlen MPEG2TS.PES.sc MPEG2TS.PES.prio MPEG2TS.PES.dai MPEG2TS.PES.copyr MPEG2TS.PES.ooc MPEG2TS.PES.ptsdtsf MPEG2TS.PES.escrf MPEG2TS.PES.esrf MPEG2TS.PES.dsmtmf MPEG2TS.PES.acif MPEG2TS.PES.crcf MPEG2TS.PES.ef MPEG2TS.PES.hdl MPEG2TS.PES.pts MPEG2TS.PES.dts MPEG2TS.payload MPEG2TS.PAT.tid MPEG2TS.PAT.ssi MPEG2TS.PAT.sl MPEG2TS.PAT.tsid MPEG2TS.PAT.vn MPEG2TS.PAT.cni MPEG2TS.PAT.sn MPEG2TS.PAT.lsn MPEG2TS.PAT.pns MPEG2TS.PAT.pids MPEG2TS.PAT.crc32 MPEG2TS.PMT.tid MPEG2TS.PMT.ssi MPEG2TS.PMT.sl MPEG2TS.PMT.PN MPEG2TS.PMT.vn MPEG2TS.PMT.cni MPEG2TS.PMT.sn MPEG2TS.PMT.lsn MPEG2TS.PMT.pcrpid MPEG2TS.PMT.pil MPEG2TS.PMT.st MPEG2TS.PMT.epid MPEG2TS.PMT.esil MPEG2TS.PMT.crc32 MPEG2TS.CAT.tid MPEG2TS.CAT.ssi MPEG2TS.CAT.sl MPEG2TS.CAT.vn MPEG2TS.CAT.cni MPEG2TS.CAT.sn MPEG2TS.CAT.lsn MPEG2TS.CAT.casids MPEG2TS.CAT.capids MPEG2TS.CAT.crc32 MPEG2TS.subnr

SDP
SDP.decodedH264PPS SDP.decodedH264SPS


List Of all protocol fileds
List of all supported fields can be found here

C++ library


Short example how to use TracesPlay as a library can be found here.

Manula page of using TracesPlay as library in own code is describe here