how to store the captured packets in Excel sheet?

Question

My project is about capturing the packets in promiscuous mode in the client side and processing it (distinguishing between tcp,udp,icmp)in server side which is done using C socket code.

The Output is stored in a txt file as of now,but i want to save those packets in a Excel sheet(in ubuntu 13.04 it is LibreOffice Calc).

I dont know whether its possible to do it? Can anybody please help me if its possible?and also how to do it?

edited part

This is how i process the packet in the server side

FILE *logfile;
int infile;
struct sockaddr_in source,dest;
int tcp=0,udp=0,icmp=0,others=0,igmp=0,total=0,i,j;

int main()
{
int saddr_size,data_size;  
struct sockaddr saddr;   
unsigned char *buffer3 = (unsigned char *) malloc(1024);
char *fname = "/home/shishira/Desktop/packet_capture/task_agent_processed.txt";

infile=open("info_agent_report.txt",O_RDONLY);
if(infile==-1)
     {
        perror("cannot open info_agent_report file\n");
        return(1);
     }  

logfile=fopen("task_agent_processed.txt","w");
if(logfile==NULL)
{
    printf("Unable to create task_agent_processed file.");
}

printf("\n Starting..\n");
saddr_size = sizeof saddr;     

do
{   

 data_size=read(infile,buffer3,1024);



ProcessPacket(buffer3 , data_size);  

}
while(data_size>0);


fclose(logfile);
close(infile);   
printf("\n");
printf(" Finished\n\n");
printf("-------------------\n\n");
return 0;
}

void ProcessPacket(unsigned char* buffer, int size)
 {
//Get the IP Header part of this packet , excluding the ethernet header
struct iphdr *iph = (struct iphdr*)(buffer + sizeof(struct ethhdr));
++total;
switch (iph->protocol) //Check the Protocol and do accordingly...
{
    case 1:  //ICMP Protocol
        ++icmp;
        print_icmp_packet( buffer , size);
        break;

    case 2:  //IGMP Protocol
        ++igmp;
        break;

    case 6:  //TCP Protocol
        ++tcp;
        print_tcp_packet(buffer , size);
        break;

    case 17: //UDP Protocol
        ++udp;
        print_udp_packet(buffer , size);
        break;

    default: //Some Other Protocol like ARP etc.
        ++others;
        break;
}

printf("            TCP : %d   UDP : %d   ICMP : %d   Others : %d   Total : %d\r", tcp ,  
udp , icmp  , others , total);   
 }


void print_udp_packet(unsigned char *Buffer , int Size)
{     
unsigned short iphdrlen;

struct iphdr *iph = (struct iphdr *)(Buffer +  sizeof(struct ethhdr));
iphdrlen = iph->ihl*4;

struct udphdr *udph = (struct udphdr*)(Buffer + iphdrlen  + sizeof(struct ethhdr));

int header_size =  sizeof(struct ethhdr) + iphdrlen + sizeof udph;

fprintf(logfile , "\n\n***********************UDP Packet*************************\n");

print_ip_header(Buffer,Size);          

fprintf(logfile , "\nUDP Header\n");
fprintf(logfile , "   |-Source Port      : %d\n" , ntohs(udph->source));
fprintf(logfile , "   |-Destination Port : %d\n" , ntohs(udph->dest));
fprintf(logfile , "   |-UDP Length       : %d\n" , ntohs(udph->len));
fprintf(logfile , "   |-UDP Checksum     : %d\n" , ntohs(udph->check));

fprintf(logfile , "\n");
fprintf(logfile , "IP Header\n");
PrintData(Buffer , iphdrlen);

fprintf(logfile , "UDP Header\n");
PrintData(Buffer+iphdrlen , sizeof udph);

fprintf(logfile , "Data Payload\n");   

//Move the pointer ahead and reduce the size of string
PrintData(Buffer + header_size , Size - header_size);

fprintf(logfile , "\n###########################################################");
}
}
}

I have just included udp packet here. Here in fprintf statement i am using to print all the packets in the file whose filehandler is "logfile". the output which i get looks in this way

 This Report is from the Task agent whose IP is 127.0.0.1


***********************UDP Packet*************************

Ethernet Header
|-Destination Address : 01-00-5E-00-00-02 
|-Source Address      : 00-00-0C-07-AC-3B 
|-Protocol            : 8 

IP Header
|-IP Version        : 4
|-IP Header Length  : 5 DWORDS or 20 Bytes
|-Type Of Service   : 192
|-IP Total Length   : 48  Bytes(Size of Packet)
|-Identification    : 0
|-TTL      : 1
|-Protocol : 17
|-Checksum : 61927
|-Source IP        : 172.16.59.3
|-Destination IP   : 224.0.0.2

UDP Header
|-Source Port      : 1985
|-Destination Port : 1985
|-UDP Length       : 28
|-UDP Checksum     : 42701

IP Header
01 00 5E 00 00 02 00 00 0C 07 AC 3B 08 00 45 C0         ..^........;..E.
00 30 00 00                                             .0..
UDP Header
00 00 01 11 F1 E7 AC 10                                 ........
Data Payload
00 00 10 03 0A 6E 3B 00 63 69 73 63 6F 00 00 00         .....n;.cisco...
AC 10 3B 01 00 00 00 00 00 00 00 00 00 00 00 00         ..;.............
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00         ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00         ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00         ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00         ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00         ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00         ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00         ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00         ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00         ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00         ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00         ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00         ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00         ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00         ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00         ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00         ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00         ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00         ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00         ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00         ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00         ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00         ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00         ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00         ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00         ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00         ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00         ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00         ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00         ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00         ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00         ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00         ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00         ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00         ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00         ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00         ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00         ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00         ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00         ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00         ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00         ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00         ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00         ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00         ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00         ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00         ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00         ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00         ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00         ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00         ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00         ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00         ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00         ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00         ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00         ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00         ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00         ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00         ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00         ................
00 00 00 00 00 00                                       ......

###########################################################

My question is instead of writing to a text file using

 logfile=fopen("task_agent_processed.txt","w");

Can i directly write to a csv file or any other format which automatically displays the fields in the spreadsheets??

With 'real' Excel on Windows I use COM automation. You will have to dive into the API for your funny thing. — Martin James, Nov 26 '13 at 11:20
Packets contain lots of unprintable characters, which will make your life hard. They may also contain commas, which make problems with CSVs. You need to decide how you want to store it. — ugoren, Nov 26 '13 at 13:03
Problem with commas can be easily eliminated by using quotes for quoting all values. Unfortunately, it generates another problem, with quote symbols :-). This probably can be solved by substituting all `"` with `""`. — Wookie88, Nov 26 '13 at 13:25

score 2 · Answer 1 · edited May 23 '17 at 11:49

2

If you want to store your data in file that can be opened with Excel or Libre Office the best way is to use CSV files (see here). It's a txt file, but with special format.

Please note that Libre Office is flexible when it comes to reading CSV files, but if you want to easily open file in Excel with double click (not by import options), you should use semi-colon (not a comma) for a separator.

Writing in .xls or .odt format will need more work. You will need a library, see this topic for more information.

edited May 23 '17 at 11:49

Community

1
1

answered Nov 26 '13 at 12:47

Wookie88

33,079
4
27
32

sir i have included my final output txt file. i am unable to understand how do i create the cells using c program to insert the data into it? – Beginner Nov 27 '13 at 05:56
You don't create cells explicitly. Let's say you want to store into CSV file three values: date, IP and packet type. You create `struct` containing those three fields. Then, you create array of this `struct`. In `for` loop over array of struct you write separate structs to your CSV file-you write out your date, then you insert comma, then IP, then comma and then packet type and new-line character at the end. The CSV file is a simple text file where rows are file lines and columns are separated with commas. When you open it with Excel/LibreOffice it should decode your file correctly into table. – Wookie88 Nov 27 '13 at 06:41
See here for example: http://stackoverflow.com/questions/14916527/writing-to-a-csv-file-in-c – Wookie88 Nov 27 '13 at 06:46
Sir i have updated my question. Please let me know if you have some idea regarding that. – Beginner Nov 27 '13 at 09:23
AFAIK it is impossible to do this automatically. You have to design how you would like csv to look like and then parse the output packet string according to your design. – Wookie88 Nov 27 '13 at 18:53

how to store the captured packets in Excel sheet?

1 Answers1