
I downloaded the inside tcpdump data of week 5 Monday of the DARPA dataset (link)
and downloaded the attack list for weeks 4 and 5 from the DARPA site (link).

(The attack list says that at time 04/06/1999 08:11:15, duration 00:00:10, on destination IP 172.016.112.050, there is a tcpreset attack.)

I want to find the tcpreset attack packets in the tcpdump, so I opened the tcpdump with Wireshark and filtered the packets with times between 8:11:15 and 8:11:25 (frame.time>apr 6,1999 8:11:15 and frame.time>apr 6,1999 8:11:25)

Problem: I can't find a packet with destination IP 172.016.11.050 in the result!

Himanshu
titiri

1 Answer

Try giving a minute gap.

During the 1999 evaluations, a 1 minute gap was given to give IDSs a chance to detect attacks during week 2 for labeled attacks.

Stephan
Sweebo
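
An added example (not part of the original question or answer): it turns the attack-list entry quoted in the question into a Wireshark display filter and a packet selector, widening the listed window by the one-minute gap the answer suggests and converting the zero-padded address to plain decimal octets. The function names and the sample packet records are constructed for illustration, and times are handled as naive values in whatever timezone the listing uses.

```python
from datetime import datetime, timedelta

# Attack-list entry quoted in the question: date, start, duration, destination.
ENTRY = ("04/06/1999", "08:11:15", "00:00:10", "172.016.112.050")

def normalize_ip(padded):
    """'172.016.112.050' -> '172.16.112.50' (octets are decimal, not octal)."""
    octets = [int(o, 10) for o in padded.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {padded!r}")
    return ".".join(map(str, octets))

def capture_day(date):
    """Weekday of the entry, to check against the daily capture file used."""
    return datetime.strptime(date, "%m/%d/%Y").strftime("%A")

def attack_window(date, start, duration, slack_s=60):
    """Listed start..start+duration, widened by slack_s seconds on each side."""
    t0 = datetime.strptime(f"{date} {start}", "%m/%d/%Y %H:%M:%S")
    h, m, s = (int(x) for x in duration.split(":"))
    pad = timedelta(seconds=slack_s)
    return t0 - pad, t0 + timedelta(hours=h, minutes=m, seconds=s) + pad

def display_filter(date, start, duration, dst, slack_s=60):
    """Wireshark display filter for the widened window and destination."""
    first, last = attack_window(date, start, duration, slack_s)
    fmt = "%b %d, %Y %H:%M:%S"
    return (f'frame.time >= "{first.strftime(fmt)}" && '
            f'frame.time <= "{last.strftime(fmt)}" && '
            f'ip.dst == {normalize_ip(dst)}')

def matching(packets, date, start, duration, dst, slack_s=60):
    """Select (timestamp, dst_ip) records inside the window for that host."""
    first, last = attack_window(date, start, duration, slack_s)
    ip = normalize_ip(dst)
    return [p for p in packets if first <= p[0] <= last and p[1] == ip]

# Constructed sample records (timestamp, destination IP), not real capture data.
PACKETS = [
    (datetime(1999, 4, 6, 8, 10, 40), "172.16.112.50"),  # only in widened window
    (datetime(1999, 4, 6, 8, 11, 18), "172.16.112.50"),  # in the listed window
    (datetime(1999, 4, 6, 8, 11, 18), "172.14.112.40"),  # octal misreading of IP
    (datetime(1999, 4, 6, 8, 20, 0), "172.16.112.50"),   # outside both windows
]

if __name__ == "__main__":
    print(capture_day(ENTRY[0]))
    print(display_filter(*ENTRY))
    print(matching(PACKETS, *ENTRY))
```

Wireshark evaluates `frame.time` in the viewer's local timezone, so the window may also need shifting if the capture was recorded in a different zone.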