This project is about analyzing the packet size distribution from a publicly available
packet trace.
The empirical probability THAT IS
(frequency of the packet)/(total number of packets)
i.e., (the number of packets of that size)/(total number of packets)

The packet trace file is given.The perl code is given which is used to convert the original binary into ascii

#! /usr/local/bin/perl

# input file format:
#
# 512 byte header
# 17408*60 bytes data
# 512 byte header
# 17408*60 bytes data
# . . . .
#
# bytes 2/3 in the headers contain the usable cell count for the data portion
# bytes 4/5 contain the interface number for the data portion
#
# for the data part:
#
# 0 1 2 3
# 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
# +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
#0 | clockstamp | Header
# +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
#1 | clockstamp | FIFO depth |
# +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
#2 | ATM header |
# +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
#3 | LLC/SNAP |
# +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
#4 | LLC/SNAP |
# +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
#5 |Version| IHL |Type of Service| Total Length | IP
# +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
#6 | Identification |Flags| Fragment Offset |
# +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
#7 | Time to Live | Protocol | Header Checksum |
# +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
#8 | Source Address |
# +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
#9 | Destination Address |
# +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
#
# option(s) or other header following; e.g., for TCP:
#
# | Source Port | Destination Port | TCP
# +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
# | Sequence Number |
# +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
# | Acknowledgment Number |
# +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
# | Data | |U|A|P|R|S|F| |
# | Offset| Reserved |R|C|S|S|Y|I| Window |
# | | |G|K|H|T|N|N| |
# +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
#

open(infile,$ARGV[0]) || die("Can't open input file\n");
$if=$ARGV[1]; # requested interface

$tdelta=0.01;
$oldtimestamp=0;

# skip header
while(read(infile,$record,512)){
$cflag=vec($record,0,16); #non-byte-swapped clock if -1
$cellcount=vec($record,2,8)*256+vec($record,3,8);
$interface=vec($record,4,8)*256+vec($record,5,8);
#printf stderr "$interface\t$cellcount\n";
# Start reading in entries
for ($lccnt = 1; $lccnt <= 17408; $lccnt++) {
read(infile,$record,60) || exit;
if($lccnt > $cellcount){next;}
if(($if ne "") && ($if != $interface)){next;}
$tpcount++;

if($cflag == 0xffff) {
$ts1= vec($record,3,8); $ts2= vec($record,2,8);
}else{
$ts1= vec($record,4,8); $ts2= vec($record,5,8);
}
$clock=($ts1<<8)+$ts2;
if($clock < $oldclock){$clock2++;}
$oldclock=$clock;
$timestamp=(($clock2*65536)+$clock)*0.00000004;

if(vec($record,18,8) == 0x08){
$src = vec($record,8,32);
$dst = vec($record,9,32);
$src1 = vec($record,32,8);
$src2 = vec($record,33,8);
$src3 = vec($record,34,8);
$src4 = vec($record,35,8);
$dst1 = vec($record,36,8);
$dst2 = vec($record,37,8);
$dst3 = vec($record,38,8);
$dst4 = vec($record,39,8);

$plen = vec($record,22,8)*256+vec($record,23,8);
$prot = vec($record,29,8);

$ihl = (vec($record,20,8)&0xf)*4;
$sport = vec($record,$ihl+20,8)*256+vec($record,$ihl+21,8);
$dport = vec($record,$ihl+22,8)*256+vec($record,$ihl+23,8);
#1 (0x01) ICMP protocol
#2 (0x02) IGMP protocol
#4 (0x04) IP over IP
#6 (0x06) TCP protocol
#17 (0x11) UDP protocol
#41 (0x29) IPv6 protocol
if (($prot == 2) || ($prot == 4) || ($prot == 6) || ($prot == 17) ||($prot == 41) ) {
printf"%d\t%d\t%.8f\t%.8f\t%d.%d.%d.%d\t%d.%d.%d.%d\t%d\t%d\t%d\t%d\n",
$interface,$tpcount,$timestamp,$timestamp-$oldtimestamp,
$src1,$src2,$src3,$src4,
$dst1,$dst2,$dst3,$dst4,
$plen,$prot,$sport,$dport;
} # if $prot
#if(($timestamp > ($oldtimestamp+$tdelta)) || ($timestamp < $oldtimestamp)){
#printf stderr "Time delta: $oldtimestamp $timestamp (%s)\n",
#$timestamp-$oldtimestamp;
#}
$oldtimestamp=$timestamp;

#}else{
#$nippcount++;
#printf"%d\t%d\t%.8f\t%.8f\t",$interface,$tpcount,$timestamp,$timestamp-$oldtimestamp;
#for ($j= 0; $j<=19; $j++){printf"%2x ",vec($record,$j,8);}
#printf"\n\t\t\t\t\t\t";
#for ($j=20; $j<=39; $j++){printf"%2x ",vec($record,$j,8);}
#printf"\n\t\t\t\t\t\t";
#for ($j=40; $j<=59; $j++){printf"%2x ",vec($record,$j,8);}
#printf"\n\n";
}
}
}

Now I shud do the following:

1.Plotting (i.e., visualize) the packet size distribution (i.e., probabilities vs. each packet
size used) seen from the packet trace.
2. What is the smallest packet size in the trace?
3. What is the biggest packet size in the trace?
4. You will see prominent modes (peaks in the distribution) in the distribution.
Where are they? What are the probabilities of the modes?

Can anyone help me regarding this?

Terrible, you post your school work verbatim, show no effort to solve the work, and ask for help, terrible.

I asked you what kinda help u can do regarding that..if u can help me its fine if not its fantastic..

I'll give you some help.

My first observation is that this is not the type of assignment that would be given in a beginners Perl course, so my comments are based on that assumption.

Here are some of the problems that I see.

The script is missing these 2 very important pragmas.
use strict;
use warnings;

Nowdays, anyone writing Perl scripts (or teaching Perl programming beyond an intro course) without those pragmas, would be considered by most Perl programmer to be incompetent or at the very least a Perl newbe.

This line has several problems.open(infile,$ARGV[0]) || die("Can't open input file\n");
1) it's using a bareword instead of a lexical var
2) it's not using the 3 arg form of open
3) it's using $ARGV[0] directly without checking if it was defined
4) it doesn't include the filename in the die statement
5) the die statement doesn't include the reason it failed

All vars are global, i.e., none of them were declared with the my keyword to make them lexical vars which would limit there scope.

$if=$ARGV[1]; # requested interfaceHere again, direct usage of the ARGV array without proper error checking as well as a poorly chosen var name and lack of proper whitespace between the vars and the assignment operator.

for ($lccnt = 1; $lccnt <= 17408; $lccnt++) {
Hmm, Why the C stlye for loop?

This is much cleaner, has better readablilty and follows Perl Best Practices.
for my $lccnt ( 1 .. 17408 ) {

# skip header
while(read(infile,$record,512)){
Why the comment "skip header" when code indicates otherwise?

Using read on the filehandle is fine, but in this case I think you'll find that sysopen/sysread would be more efficient.

I'm sure I can come up with other issues, but I'm tired. Overall, I'd give your instructor no better than a C- for the base code that (s)he provided you.

Hey thanx a lot for the help dude..
i have no idea about perl..
My instructor gave that sample code and she said to find out the probabilty which is (frequency of the packet)/(total number of packets) by doing some modifications in the following lines..
$interface,$tpcount,$timestamp,$timestamp-$oldtimestamp,
$src1,$src2,$src3,$src4,
$dst1,$dst2,$dst3,$dst4,
$plen,$prot,$sport,$dport;

I have no idea about that, but she also said that we can do the data processing in anyother language..but perl is preferable..so i want to try that..and finally we have to plot a graph using excel,matlab,gnuplot by taking the file trace into consideration..

so I am seeking your help, if u can help me out then I am very thankful to u..

Based on the fact that this is a homework assignment and the type of question you asked, I can not provide more help than I already have.

However, if you show that you're making a good effort to complete this assignment yourself and can post a specific question along with your code when you get stuck, I might be able/willing to do more.

I asked you what kinda help u can do regarding that..if u can help me its fine if not its fantastic..

Why should anyone here put one moment of effort into helping you when you have so far shown no effort of your own? Think about that before replying.