# L2 Capture File Analysis

## Data Structures

The data structures used in the L2 capture files are defined as follows:

### `captured_packet_t`

```c
typedef struct {
    uint64_t timestamp;
    uint8_t src_mac[6];
    uint8_t dst_mac[6];
    int8_t rssi;
    uint8_t channel;
    uint16_t payload_len;
} captured_packet_t;
```

### `file_header_t`

```c
typedef struct {
    char identifier[4];   // e.g., "L2PK"
    uint32_t version;     // e.g., 1
    uint64_t start_time;  // Unix timestamp when capture started
    uint8_t wifi_mac[6];  // Wi-Fi MAC address
    uint8_t bt_mac[6];    // Bluetooth MAC address
} file_header_t;



In [13]:
from datetime import datetime
import struct
import pandas as pd

In [14]:
file_header_format = '4sI Q 6s 6s'
captured_packet_format = 'q 6s 6s b B H'

file_header_size = struct.calcsize(file_header_format)
captured_packet_size = struct.calcsize(captured_packet_format)

In [15]:
def format_mac_address(mac_bytes):
    """Format MAC address bytes into standard MAC address string format like XX:XX:XX:XX:XX:XX."""
    return ':'.join(f'{byte:02X}' for byte in mac_bytes)

In [16]:
def parse_capture_file(filename):
    captured_data = []

    with open(filename, 'rb') as f:
        # Read and parse the file header
        file_header_data = f.read(file_header_size)
        file_header = struct.unpack(file_header_format, file_header_data)

        identifier = file_header[0].decode('utf-8')
        version = file_header[1]
        start_time = file_header[2]
        wifi_mac = format_mac_address(file_header[3])
        bt_mac = format_mac_address(file_header[4])

        print("File Header:")
        print(f"  Identifier: {identifier}")
        print(f"  Version: {version}")
        print(f"  Start Time: {start_time}")
        print(f"  Wi-Fi MAC: {wifi_mac}")
        print(f"  Bluetooth MAC: {bt_mac}")

        # Read and parse each captured packet
        print("\nCaptured Packets:")
        packet_index = 1
        while True:
            packet_data = f.read(captured_packet_size)
            if len(packet_data) < captured_packet_size:
                break  # End of file

            packet = struct.unpack(captured_packet_format, packet_data)
            timestamp = packet[0]
            src_mac = format_mac_address(packet[1])
            dst_mac = format_mac_address(packet[2])
            rssi = packet[3]
            channel = packet[4]
            payload_len = packet[5]

            print(f"Packet {packet_index}:")
            print(f"  Timestamp: {timestamp}")
            print(f"  Source MAC: {src_mac}")
            print(f"  Destination MAC: {dst_mac}")
            print(f"  RSSI: {rssi}")
            print(f"  Channel: {channel}")
            print(f"  Payload Length: {payload_len}")

            packet_index += 1


In [17]:
# Function to create a pandas DataFrame from the captured data
def create_dataframe(captured_data):
    return pd.DataFrame(captured_data)

In [18]:
capture_file_path = '../data/10_06_1C_86_5A_A4/20241111192158_l2.bin'

parse_capture_file(capture_file_path)
# df = create_dataframe(data)
# df

File Header:
  Identifier: L2PK
  Version: 1
  Start Time: 1731345514
  Wi-Fi MAC: 10:06:1C:86:5A:A4
  Bluetooth MAC: 10:06:1C:86:5A:A6

Captured Packets:
Packet 1:
  Timestamp: 1731345514
  Source MAC: 00:00:00:00:28:F7
  Destination MAC: FB:3F:FF:FF:FF:FF
  RSSI: -83
  Channel: 1
  Payload Length: 267
Packet 2:
  Timestamp: 1731345514
  Source MAC: 00:00:00:00:28:F7
  Destination MAC: FB:3F:FF:FF:FF:FF
  RSSI: -66
  Channel: 1
  Payload Length: 267
Packet 3:
  Timestamp: 1731345514
  Source MAC: 00:00:00:00:28:F7
  Destination MAC: FB:3F:FF:FF:FF:FF
  RSSI: -65
  Channel: 1
  Payload Length: 269
Packet 4:
  Timestamp: 1731345514
  Source MAC: 00:00:00:00:28:F7
  Destination MAC: FB:3F:FF:FF:FF:FF
  RSSI: -66
  Channel: 1
  Payload Length: 273
Packet 5:
  Timestamp: 1731345514
  Source MAC: 00:00:00:00:28:F7
  Destination MAC: FB:3F:FF:FF:FF:FF
  RSSI: -67
  Channel: 1
  Payload Length: 269
Packet 6:
  Timestamp: 1731345514
  Source MAC: 00:00:00:00:28:F7
  Destination MAC: FB:3F:FF:F

IOPub data rate exceeded.
The Jupyter server will temporarily stop sending output
to the client in order to avoid crashing it.
To change this limit, set the config variable
`--ServerApp.iopub_data_rate_limit`.

Current values:
ServerApp.iopub_data_rate_limit=1000000.0 (bytes/sec)
ServerApp.rate_limit_window=3.0 (secs)

