How do I extract the right information of a pcap file with pcap2matlab?

edit

Looks like there is a "Wireshark decoder" mentioned here.
Have you tried asking R2SONIC about the decoder?

As @Chuckc implied, the data in the capture doesn't appear to be supported by the built-in dissectors so if the data is from a custom protocol, and as you have shown images of it there does seem to be some form of dissection, we would need to get a copy of that dissector to help out.

There should be no issue sharing the dissector as due to the licence that Wireshark uses (GPL 2.0 or later) the source of any dissectors distributed outside of the originators company MUST be made available.

You guys are right, I added the dissector link: https://gofile.io/d/bCXBDG The dissector only works with an old version unfortunately, so I used wireshark 1.12

1.12? Uggh, it was EOL 4 years ago.

Does tshark of that vintage print out anything useful when given the -G fields option, e.g.

path\to\tshark.exe -G fields > fields.txt

Make sure you redirect to a file as the output is large. You're looking for anything with "R2Sonic" in it.

Since you're distributing a binary of a GPL'ed program, can we have the source code please?

I dont have the source code, only the files i have shared is what i have

The original vendor, apparently R2Sonic, MUST make the source code available to you which you are then free to give to anyone else. Please contact the vendor and request they make the source code available.

@Bram Note the lack of source code isn't your fault, but the originator (R2Sonic?) of the dissector.

This gives us 2 problems when trying to help you:

1. Lack of knowledge of the fields in the custom dissector to create the parameters to give to
2. The 3rd party matlab plugin which is not provided by the Wireshark project.

I understand, I send them an email asking for the source code. However I don't have the highest of hopes for this. Seeing that the code itself only works on such an old version of wireshark I don't really know if they are still active in that field. I hope they respond soon!

Anyway many thanks for the time all you guys have put in this already!

What you could do would be to try your version of tshark (it should pick up the plugin) and dump the output to text and see if you possibly import that in somewhat to matlab, e.g.

path\to\tshark.exe -r path\to\pcap -V -T text

If i do that it dumps out all the values and titles in the program like this: https://gofile.io/d/hqHB28

Is there any way to just get all the range values from the different frames? In this format Matlab is not able to do anything with it

Try swapping the -V with a -O r2 (the uppercase letter O) to limit the display to the R2 protocol.

That already looks better, however since the name and the value of the data is still in the same cell i still cannot use this in matlab.

If the dissector writer had given the fields proper names then you'd be able to use other tshark options to just give you the fields required in CSV format, but it appears they haven't.

Maybe try the other -T options available in that version, they are; ps, psml and pdml.

You may just have to pick a text output format and post-process it, e.g. with Python or whatever to massage it into a suitable format.

@Bram I think the first part has been done, you have the data as UDP in pcap format.

From the garbled reply it seems as R2Sonic are offering alternative choices for getting the data into MatLab (which you are free to pursue but will be off topic for this site), and didn't discuss the dissector source. Can you please ask them again directly for the source code for the Wireshark dissector as it's a GPL 2.0 license compliance issue, otherwise the project may have to arrange a letter from a solicitor?

I have asked them again, I was already surprised that i even got a reply in the first place so lets hope this works!