pcap

How to derive KDD99 Features from DARPA pcap file?

六眼飞鱼酱① submitted on 2019-11-27 14:51:45
I have worked recently with the DARPA network traffic packets and the derived version of it used in KDD99 for intrusion detection evaluation. Excuse my limited domain knowledge in computer networks; I could only derive 9 features from the DARPA packet headers, and not the 41 features used in KDD99. I am intending to continue my work on the UNB ISCX Intrusion Detection Evaluation DataSet. However, I want to derive from the pcap files the 41 features used in the KDD99 and save them in CSV format. Is there a fast/easy way to achieve this, as it has already been done previously for the KDD99, is

jNetPcap vs Jpcap

跟風遠走 submitted on 2019-11-27 03:21:46
Question: Wondering if any of you can give me a bit of comments + insights please. In terms of performance, which one should I use, jNetPcap or Jpcap? Thanks! Answer 1: The referenced post contains an admittedly biased opinion by the owner of the jNetPcap project. It is hardly a reliable source for a true comparison. One difference that is obvious between the two projects is that jNetPcap uses JNI for access to native code. PCap4j (http://www.pcap4j.org/) uses JNA for access to native code and a "com.sun" JNA

Complete reconstruction of TCP Session (HTML pages) from WireShark pcaps, any tools for this?

孤街浪徒 submitted on 2019-11-27 01:11:51
Question: I wonder if there is a way in Wireshark to reconstruct a complete TCP session (HTML page(s)) if we have Wireshark pcaps. Can Wireshark do the reconstruction, or is there any tool around that can do the reconstruction? Data streamed from a source could be compressed (gzip) or uncompressed, and the end result of reconstruction should be a valid complete HTML page with all of its contents. Answer 1: Use justniffer-grab-http-traffic. It is based on justniffer and it is an excellent tool for rebuilding

How to derive KDD99 Features from DARPA pcap file? [closed]

跟風遠走 submitted on 2019-11-26 16:56:09
Question: Closed. This question is off-topic. It is not currently accepting answers. Closed 2 months ago. I have worked recently with the DARPA network traffic packets and the derived version of it used in KDD99 for intrusion detection evaluation. Excuse my limited domain knowledge in computer networks; I could only derive 9 features from the DARPA packet headers, and not the 41 features used in KDD99. I am