Suported Protocol Fields
MATLAB Library
Command Line Application
General Description
TracesPlay Parameters
Supported and Force-type Format
Output Filter Rules
Range Parameters
C++ Library New (v. 0.2)

MATLAB Library

First you need to download necessary files which you can find Fast Start section

In general ther are two ways of using TracesPlay in MATLAB.
The first is

[Data] = TracesPlay(command);

where command is a string which form is described in General Descripiton section.
The second way is

[Data] = TracesPlay(option1, parameter1, parameter2, ..., parameterN, option2, parameter1, ..., parameterM, ...);

where all option and parameter variables are strings. Parameters following an option are specific for the option. The detailed descripiton of existing options and parameters is given in General Descripiton section.

Comand Line Application

For command line application you use

TracesPlay command -c file_name

where TracesPlay is a compiled application, command is described in details in General Descripiton section and file_name is a cvs file name.

General Description

For both MATLAB and command line application a command string has to be specified. In this section detailed description of command construction is given.
The command string is

option1 parameter1 parameter2 ... parameterN option2 parameter1 ... parameterM ...

where option list is given here. Parameters following an option are option dependent.

List of the Most Important Parameters

-o set what type of field from protocol shall be output data. The supported fields are given here
-r (file name) - files name that shall be analyzed

Full List of TracesPlay Parameters

-o	set what fields' type are read. The supported fields are given here
-r (file name)	files name that shall be analyzed
-n	analyzed packet range. The range parameters are given here
-w (file_name)	write date to file in csv format (not supported in matlab)
-version	display program compile date
-a	always give date, even if they wasn't all filed in data
-c	write header to file
-m	check memmory block size
-h	display short help
-s	print on screen basic info (default disable in MATLAB function)
-ss	print on screen protocol information (value of protocol fields)
-test	execut small test to check memory size and other important parameters
-f	enable filter. The filter parameters are given here
-e	enable showing error comunicate
-u (in_format) (force_format)	force payload type (in_format) as protocol (force_format) now avaliable only: RTP, NETFLOW for UDP payload
-setLisner New (v. 0.2)	!!Only for MATLAB !! allow to run own matlab function from TracesPlay. Example of use is here

Supported Formats and Force-type Format

TracesPlay is able to read formats PCAP, ERF, TSH, FR and FR+ also Snoop v2 (for ver 0.1.3)
Program have simple algorytm to auto recognize format type and simple metod to force-type format we need enter format type after file name:

-r (file_name) (format_type) ((file_name) (format_type)... )

where format_type can be:

pcap	for PCAP format
cap	for PCAP format
erf	for ERF format
tsh	for TSH format
fr	for FR format
clr	for CLR format
snoop	for Snoop v2 format
lc	for Live caputre data from network device. It need TracesPlay version that work with PCAP library New (v. 0.2)
h264	for H264 stream stored in file with out extra stream New (v. 0.2)

Some example of use:

-r traces1.pcap pcap traces2.erf erf

Filter parameters

will be added

Range parameters

Range is defined by

-n start end

where start is the first analysed packet position and end is the last analysed packet position.
-1 means the first or the last packet for start and end respectively.

-n -1 100

reads first 100 packets

-n 101 200

reads packets from 101 to 200

-n 500 -1

reads packets from 500 to the last one.

Supported Protocol Fields

Heare are describe only most used protocol frame, for more protocol detail fields specification. Full list of supported protocol fileds can be find here

PCAP: All possible value are defined in Packet Information.

ERF: ERF.flags ERF.type ERF.lctrcolor

TSH: All possible value are defined in Packet Information.

FR+: All possible value are defined in Packet Information.

FR: All possible value are defined in Packet Information.

SNOOP: All possible value are defined in Packet Information.

Ethernet

1-6 octet	7-12	13-14
"ETH.src" MAC destination adddress	"ETH.dst" MAC source adddress	"ETH.typ" Ethertype/Length

802.1q: 802.1Q.UserPriority 802.1Q.CFI 802.1Q.VLANId 802.1Q.Type

802.11: 802.11.fc 802.11.fc.pro_ver 802.11.fc.type 802.11.fc.subtype 802.11.fc.to_ds 802.11.fc.from_ds 802.11.fc.moreflag 802.11.fc.retry 802.11.fc.power_mgt 802.11.fc.more_data 802.11.fc.wep 802.11.fc.order 802.11.duration_id 802.11.address1 802.11.address2 802.11.address3 802.11.address4 802.11.da 802.11.sa 802.11.ra 802.11.ta 802.11.bssid 802.11.bar_control 802.11.block_ack 802.11.block_ack_bitmap 802.11.seq_control 802.11.qos_control 802.11.seq_control 802.11.fra_control

Radio Tap: RADIOTAP.version RADIOTAP.pad RADIOTAP.len RADIOTAP.present RADIOTAP.mactime RADIOTAP.flags RADIOTAP.datarate RADIOTAP.channal_requency RADIOTAP.channal_flags RADIOTAP.hop_set RADIOTAP.hop_pattern RADIOTAP.dbm_ant_signal RADIOTAP.dbm_ant_noise RADIOTAP.lock_quality RADIOTAP.tx_attenuation RADIOTAP.db_tx_attenuation RADIOTAP.dbm_tx_power RADIOTAP.anntenna RADIOTAP.db_ant_signal RADIOTAP.db_ant_noise RADIOTAP.channal_plus

ATM: ATM.gcv ATM.vpi ATM.vci ATM.pt ATM.clp

ARP: ARP.hwType ARP.proType ARP.hwSize ARP.proSize ARP.opcode ARP.senderHw ARP.senderPro ARP.targetHw ARP.targetPro

IP v4

0-3	4-7	8-15	16-18	19-23	24-31
"IP.ver" Version	"IP.hlen" IHL	"IP.tos" Type of Service	"IP.len" Total Length
"IP.id" Identification			Flags	"IP.off" Fragment Offset
"IP.ttl"" Time to Live		"IP.pro" Protocol	Mb>"IP.checkSum" Header Checksum
"IP.src" Source Address
"IP.dst" Destination Address
Options					Padding

IP v6

0 - 3	4 - 11	12 - 15	16 - 23	24 - 31
"IPv6.ver" Version	"IPv6.trclass" Traffic Class	"IPv6.flabel" Flow Label
"IPv6.payloadLenght" Payload Length			"IPv6.nextHeader" Next Header	"IPv6.hopLimit" Hop Limit
"IPv6.srcAddr" Source Address
"IPv6.dstAddr" Destination Address

ICMP

160 - 167	168 - 175	176 - 183	184 - 191
"ICMP.typ" Type	"ICMP.cod" Code	Checksum
"ICMP.id" ID		"ICMP.sec" Sequence

Also ICMP avaliable filed are: "ICMP.ts" "ICMP.tr" "ICMP.tt"

TCP

0-3	4-7	8-15	16-23	24-31
"TCP.spo" Source Port			"TCP.dpo" Destination Port
"TCP.seq" Sequence Number
"TCP.ack" Acknowledgment Number
"TCP.dat" Data offset	Reserved	"TCP.fla" Flags (description)	"TCP.win" Window
Checksum			Urgent Pointer
Options				Padding
data

TCP.flag
TCP.flag can be shared as bit fields

bit 8	bit 7	bit 6	bit 5	bit 4	bit 3	bit 2	bit 1
TCP.fla.emp1	TCP.fla.emp2	TCP.fla.urg URG	TCP.fla.ack ACK	TCP.fla.eol PSH	TCP.fla.rst RST	TCP.fla.syn SYN	TCP.fla.fin FIN

UDP

0-15																16-31
"UDP.spo" Source Port																"UDP.dpo" Destination Port
"UDP.len" Length																"UDP.checkSum" Checksum
"UDP.payload" data octets

Also extra fileds for UDP are avaliable:
UDP.dataLen - data lenght

IGMP: IGMP.version IGMP.type IGMP.max_resp_time IGMP.checksum IGMP.group_addr IGMP.MQ.s_flag IGMP.MQ.qrv IGMP.MQ.qqic IGMP.nr_of_sources IGMP.source_address IGMP.MR.nr_of_groups IGMP.MR.record_type IGMP.MR.aux_data_len IGMP.MR.multicast_addr

RGMP: RGMP.type RGMP.checksum RGMP.group_addr

DHCP: DHCP.msg_type DHCP.hrw_type DHCP.hrw_len DHCP.hrw_ops DHCP.tra_id DHCP.sec_elapsed DHCP.bootp_flags DHCP.c_ip DHCP.your_c_ip DHCP.next_s_ip DHCP.relay_agent_ip DHCP.c_hrw_add DHCP.opt_host_name DHCP.boot_fn DHCP.option.SubnetMask DHCP.option.TimeOffset DHCP.option.Gateways DHCP.option.TimeServer DHCP.option.NameServer DHCP.option.DomainServer DHCP.option.LogServer DHCP.option.QuotesServer DHCP.option.LPRServer DHCP.option.ImpressServer DHCP.option.RLPServer DHCP.option.Hostname DHCP.option.BootFileSize DHCP.option.MeritDumpFile DHCP.option.DomainName DHCP.option.SwapServer DHCP.option.RootPath DHCP.option.ExtensionFile DHCP.option.ForwardOn/Off DHCP.option.SrcRteOn/Off DHCP.option.PolicyFilter DHCP.option.MaxDGAssembly DHCP.option.DefaultIPTTL DHCP.option.MTUTimeout DHCP.option.MTUPlateau DHCP.option.MTUInterface DHCP.option.MTUSubnet DHCP.option.BroadcastAddress DHCP.option.MaskDiscovery DHCP.option.MaskSupplier DHCP.option.RouterDiscovery DHCP.option.RouterRequest DHCP.option.StaticRoute DHCP.option.Trailers DHCP.option.ARPTimeout DHCP.option.Ethernet DHCP.option.DefaultTCPTTL DHCP.option.KeepaliveTime DHCP.option.KeepaliveData DHCP.option.NISDomain DHCP.option.NISServers DHCP.option.NTPServers DHCP.option.VendorSpecific DHCP.option.NETBIOSNameSrv DHCP.option.NETBIOSDistSrv DHCP.option.NETBIOSNoteType DHCP.option.NETBIOSScope DHCP.option.XWindowFont DHCP.option.XWindowManmager DHCP.option.AddressRequest DHCP.option.AddressTime DHCP.option.Overload DHCP.option.DHCPMsgType DHCP.option.DHCPServerId DHCP.option.ParameterList DHCP.option.DHCPMessage DHCP.option.DHCPMaxMsgSize DHCP.option.RenewalTime DHCP.option.RebindingTime DHCP.option.ClassId DHCP.option.ClientId DHCP.option.Netware/IPDomain DHCP.option.Netware/IPOption

NETFlow: NETFLOW.Version NETFLOW.Count NETFLOW.SysUptime NETFLOW.UnixSecs NETFLOW.HV1.UnicNSec NETFLOW.Version NETFLOW.Count NETFLOW.SysUptime NETFLOW.UnixSecs NETFLOW.HV5.UnicNSec NETFLOW.HV5.FlowSequence NETFLOW.HV5.EngineType NETFLOW.HV5.EngineId NETFLOW.HV5.SamplingInterval NETFLOW.Version NETFLOW.Count NETFLOW.SysUptime NETFLOW.UnixSecs NETFLOW.HV7.UnicNSec NETFLOW.HV7.FlowSequence NETFLOW.HV7.Reserved NETFLOW.Version NETFLOW.Count NETFLOW.SysUptime NETFLOW.UnixSecs NETFLOW.HV8.UnicNSec NETFLOW.HV8.FlowSequence NETFLOW.HV8.EngineType NETFLOW.HV8.EngineId NETFLOW.HV8.Aggregation NETFLOW.HV8.AggVersion NETFLOW.HV8.Reserved NETFLOW.HV9.PackageSeq NETFLOW.HV9.SourceId NETFLOW.R.SrcAddr NETFLOW.R.DstAddr NETFLOW.R.NextHop NETFLOW.R.Input NETFLOW.R.Output NETFLOW.R.Dpkts NETFLOW.R.Doctets NETFLOW.R.First NETFLOW.R.Last NETFLOW.R.SrcPort NETFLOW.R.DstPort NETFLOW.R.Pad1 NETFLOW.R.Prot NETFLOW.R.Tos NETFLOW.R.SrcAs NETFLOW.R.DstAs NETFLOW.R.SrcMask NETFLOW.R.DstMask NETFLOW.R.Flags NETFLOW.R.RouterSC NETFLOW.R.TcpFlags NETFLOW.R.Pad2 NETFLOW.R.Pad3 NETFLOW.R.Reserved NETFLOW.R.TcpFlags.empty0 NETFLOW.R.TcpFlags.empty1 NETFLOW.R.TcpFlags.urg NETFLOW.R.TcpFlags.ack NETFLOW.R.TcpFlags.eol NETFLOW.R.TcpFlags.rst NETFLOW.R.TcpFlags.syn NETFLOW.R.TcpFlags.fin NF.R9.inBytes NF.R9.inPkts NF.R9.flow NF.R9.protocol NF.R9.scrTos NF.R9.tcpFlags NF.R9.L4SrcPort NF.R9.IP.src NF.R9.srcMask NF.R9.inputSNMP NF.R9.L4.DstPort NF.R9.IP.dst NF.R9.dstMask NF.R9.outputSNMP NF.R9.ipv4NextHope NF.R9.scrAS NF.R9.dstAS NF.R9.BGPIPv4NextHope NF.R9.MulDstPkts NF.R9.MulDstBytes NF.R9.LastSwitched NF.R9.FirstSwitched NF.R9.OutBytes NF.R9.OutPkts NF.R9.MinPktLenght NF.R9.MaxPktLenght NF.R9.IPV6ScrAddr NF.R9.IPV6DstAddr NF.R9.IPV6SrcMask NF.R9.IPV6DstMask NF.R9.IPV6FlowLabel NF.R9.IcmpType NF.R9.MulIgmpType NF.R9.SamplingInterval NF.R9.SamplingAlgorithm NF.R9.FlowActiveTimeout NF.R9.FlowInactiveTimeout NF.R9.EnigneType NF.R9.EngineId NF.R9.TotalBytesExp NF.R9.TotalPktsExp NF.R9.TotalFlowExp NF.R9.IPV4SrcPrefix NF.R9.IPV4DstPrefix NF.R9.MPLSTopLabelType NF.R9.MPLSTopLabelIpAddr NF.R9.FlowSamplerId NF.R9.FlowSampledMode NF.R9.FlowSampledRandomInterval NF.R9.MinTTL NF.R9.MaxTTL NF.R9.IPV4Ident NF.R9.DstTOS NF.R9.InSrcMac NF.R9.OutDstMac NF.R9.SrcVLan NF.R9.DstVLan NF.R9.IPProtocolVersion NF.R9.Direction NF.R9.IPV6NextHope NF.R9.BGP_IPV6NextHope NF.R9.IPV6OptionHeader NF.R9.MPLSLabel1 NF.R9.MPLSLabel2 NF.R9.MPLSLabel3 NF.R9.MPLSLabel4 NF.R9.MPLSLabel5 NF.R9.MPLSLabel6 NF.R9.MPLSLabel7 NF.R9.MPLSLabel8 NF.R9.MPLSLabel9 NF.R9.MPLSLabel10 NF.R9.InDstMac NF.R9.OutSrcMac NF.R9.IfName NF.R9.IfDest NF.R9.SamplerName NF.R9.InPermanetBytes NF.R9.InPermanentPkts

LLC: LLC.dsap LLC.ssap LLC_sSeq LLC_rSeq LLC.control1

RTP

0 - 1	2	3	4 - 7	8	9 - 15	16 - 31
"RTP.version" Ver.	"RTP.padding" P	"RTP.extenios" X	"RTP.csrcCount" CC	"RTP.marker" M	"RTP.payloadType" PT	"RTP.seqNum" Sequence Number
"RTP.timestamp" Timestamp
"RTP.ssrc" synchronization source (SSRC) identifier
contributing source (CSRC) identifiers

H264: H264.NalPayload H264.NalFBZ H264.NalNRI H264.NalType H264.fu.s H264.fu.e H264.fu.r H264.fu.type H264.don H264.aud.ppt H264.aud.tb H264.sei.lptb H264.sei.lpsb H264.sei.tb H264.sh.fbis H264.sh.slice_type H264.sh.ppsid H264.sh.cpid H264.sh.fn H264.sh.fpf H264.sh.bff H264.sh.ipid H264.sh.pocl H264.sh.dpocb H264.sh.dpoc0 H264.sh.dpoc1 H264.sh.rpc H264.sh.dsmpf H264.sh.nriaof H264.sh.nril0am1 H264.sh.nril1am1 H264.sh.pllrfl0 H264.sh.ropni_1 H264.sh.adpnm1_1 H264.sh.ltpn_1 H264.sh.pllrfl1 H264.sh.ropni_2 H264.sh.adpnm1_2 H264.sh.ltpn_2 H264.sh.cii H264.sh.sqpd H2SDP.decodedH264SPS64.sh.sfsf H264.sh.sqsd H264.sh.ddfi H264.sh.sac0od2 H264.sh.sbod2 H264.sh.sgcc

MPEG2TS: MPEG2TS.sync MPEG2TS.tei MPEG2TS.pusi MPEG2TS.tp MPEG2TS.pid MPEG2TS.tsc MPEG2TS.afc MPEG2TS.cc MPEG2TS.ADAP.len MPEG2TS.ADAP.disc MPEG2TS.ADAP.rai MPEG2TS.ADAP.espi MPEG2TS.ADAP.pcrf MPEG2TS.ADAP.opcrf MPEG2TS.ADAP.spf MPEG2TS.ADAP.TPDF MPEG2TS.ADAP.AFEF MPEG2TS.PES.sid MPEG2TS.PES.packlen MPEG2TS.PES.sc MPEG2TS.PES.prio MPEG2TS.PES.dai MPEG2TS.PES.copyr MPEG2TS.PES.ooc MPEG2TS.PES.ptsdtsf MPEG2TS.PES.escrf MPEG2TS.PES.esrf MPEG2TS.PES.dsmtmf MPEG2TS.PES.acif MPEG2TS.PES.crcf MPEG2TS.PES.ef MPEG2TS.PES.hdl MPEG2TS.PES.pts MPEG2TS.PES.dts MPEG2TS.payload MPEG2TS.PAT.tid MPEG2TS.PAT.ssi MPEG2TS.PAT.sl MPEG2TS.PAT.tsid MPEG2TS.PAT.vn MPEG2TS.PAT.cni MPEG2TS.PAT.sn MPEG2TS.PAT.lsn MPEG2TS.PAT.pns MPEG2TS.PAT.pids MPEG2TS.PAT.crc32 MPEG2TS.PMT.tid MPEG2TS.PMT.ssi MPEG2TS.PMT.sl MPEG2TS.PMT.PN MPEG2TS.PMT.vn MPEG2TS.PMT.cni MPEG2TS.PMT.sn MPEG2TS.PMT.lsn MPEG2TS.PMT.pcrpid MPEG2TS.PMT.pil MPEG2TS.PMT.st MPEG2TS.PMT.epid MPEG2TS.PMT.esil MPEG2TS.PMT.crc32 MPEG2TS.CAT.tid MPEG2TS.CAT.ssi MPEG2TS.CAT.sl MPEG2TS.CAT.vn MPEG2TS.CAT.cni MPEG2TS.CAT.sn MPEG2TS.CAT.lsn MPEG2TS.CAT.casids MPEG2TS.CAT.capids MPEG2TS.CAT.crc32 MPEG2TS.subnr

SDP: SDP.decodedH264PPS SDP.decodedH264SPS

List Of all protocol fileds: List of all supported fields can be found here

C++ library

Short example how to use TracesPlay as a library can be found here.

Manula page of using TracesPlay as library in own code is describe here