pcap2matlab() imports network protocol analyzer capabilties into MATLAB.

capture = pcap2matlab(filter, decodeas_and_dissector,filename_or_interface, capture_stop_criteria)
allows to perform direct network live captures as well as *.pcap files reading from the MATLAB
workspace. The output variable is a MATLAB structure, one entry for each captured packet,
comprising the content of the packet fields that were requested by the input arguments.
The function is based on the TShark network protocol analyzer (see http://www.wireshark.org/docs/man-pages/tshark.html
for more information) and can operate in two modes:
1. Capture mode in which it starts listening on the requested network interface, capturing
packets based on some predefined criteria (i.e. filter) and output the relevant packet fields
based on the decodeas and dissector input arguments.
2. Read mode in which it reads an already existing pcap file, extract packets based on some
predefined criteria (i.e. filter) and output the relevant packet fields based on the
decodeas and dissector input arguments.
The function currently supports PC 32/64-bit as well as Linux 32/64-bit platforms.
Other platforms might be easily added in the future.
Input arguments:
* filter – A TShark format capture filter argument
* decodeas_and_dissector – This input argument can be one of the following things:
1. A MATLAB structure whose field names are the requested packet field names to capture
whereas the content of each field, of this structure, comprises the byte/bits offsets to
capture for this specific field.
2. A one-dimensional cell of strings comprising the TShark decodeas expression (TShark
-d flag) (not mandatory but if appears must be the first one) as well as additional
TShark dissector expressions (TShark -e flag). Each dissector expression will
results in a matching field in the output captured struct.
* filename_or_interface – This input argument can be one of two things:
1. An integer number that identifies the network interface from which to start
capturing (TShark -i flag). Setting this input argument to an integer number will
automatically set the function to work in capture mode.
2. A filename string that identifies the pcap file to read. Setting this input argument
to a filename string will automatically set the function to work in read mode.
* capture_stop_criteria – Relevant for capture mode only (should not be assigned when working in
read mode). Sets the capture ‘stop capturing’ criteria (TShark -a/-c flags). This input
argument can be one of the following things:
1. A numeric number that sets the total number of packets to capture (TShark -c flag).
2. A string that identifies the capture stop criteria (TShark -a flag).
3. A cell array combining a few legal capture stop criteria arguments such as
{'duration:10',100} that will stop capturing after 10 sec or 100 packets whichever
comes first.
For more information on TShark’s stop capturing criteria options please refer to:
http://www.wireshark.org/docs/man-pages/tshark.html.

Alon Geva
$Revision: 1.03 $ $Date: 25/04/2014 01:52:53 $

For the full descreption/options of the function please see function header (or type
"help pcap2matlab()" in the MATLAB prompt).