I am working on the DARPA dataset for a network intrusion detection system. The DARPA dataset contains tcpdump files for training and testing purposes. Now when I open the file in a text editor like WordPad or Notepad++, I can't read the output file. How can we read a tcpdump file so that I can save the records in a database?
1 Answer
Well, one way to read it is with, well, tcpdump; that's why they're called tcpdump files, after all.
Another possibility would be to use it with the TShark program that comes with Wireshark; it can be told to write the values of particular protocol fields to the standard output, and you could have a program that reads those values and puts them in a database.
If you want to do this in a Java program, some possibilities are:
- jpcap;
- jNetPcap;
- the jNetWORKS SDK, if I understand what their page for it is saying - that's a commercial product;
- possibly other packet-parsing Java libraries.
One thing that is most definitely NOT a possibility is trying to process the files as text - for example, trying to read them in a text editor - because they're not text files! They're binary files, and the packet data for each packet is also binary, and you'd need code that understands the protocols in order to parse that binary data and extract whatever fields you want to put into the database.
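As an added illustration of the last point (this is example code written for this page, not something from the answer above or from any of the libraries it names): a classic pcap file is a 24-byte global header followed by 16-byte per-record headers, each carrying raw link-layer bytes, so you decode those headers with a binary parser rather than a text editor. The example below reads a capture from memory, walks the Ethernet/IPv4/TCP-or-UDP headers, and loads the extracted fields into SQLite. It assumes link type 1 (Ethernet) and skips non-IPv4 frames; the two-packet capture it parses is constructed inline so the script runs offline.

```python
import sqlite3
import struct
from typing import Dict, Iterator, List, Optional, Tuple

PCAP_MAGIC_LE = 0xA1B2C3D4   # magic as written by a little-endian host
PCAP_MAGIC_BE = 0xD4C3B2A1   # the same magic seen through the other byte order
LINKTYPE_ETHERNET = 1


def iter_pcap_records(data: bytes) -> Iterator[Tuple[int, int, bytes]]:
    """Yield (ts_sec, ts_usec, frame_bytes) for every record in a classic pcap file."""
    magic = struct.unpack("<I", data[:4])[0]
    if magic == PCAP_MAGIC_LE:
        endian = "<"
    elif magic == PCAP_MAGIC_BE:
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (bad magic number)")
    # global header: magic, version major/minor, tz offset, sigfigs, snaplen, link type
    *_, linktype = struct.unpack(endian + "IHHiIII", data[:24])
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError(f"link type {linktype} not handled; this example decodes Ethernet only")
    offset = 24
    while offset + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack(endian + "IIII", data[offset:offset + 16])
        offset += 16
        frame = data[offset:offset + incl_len]
        if len(frame) < incl_len:
            break  # truncated final record (e.g. capture stopped mid-write): stop cleanly
        offset += incl_len
        yield ts_sec, ts_usec, frame


def parse_frame(frame: bytes) -> Optional[Dict[str, object]]:
    """Decode Ethernet -> IPv4 -> TCP/UDP ports; return None for anything else."""
    if len(frame) < 14 or struct.unpack("!H", frame[12:14])[0] != 0x0800:
        return None  # not IPv4 (ARP, IPv6, ... are skipped here)
    ip = frame[14:]
    if len(ip) < 20:
        return None
    ver_ihl, _tos, total_len, _id, _frag, _ttl, proto, _csum, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", ip[:20])
    if ver_ihl >> 4 != 4:
        return None
    ihl = (ver_ihl & 0x0F) * 4          # header length in bytes; options make it > 20
    l4 = ip[ihl:total_len]
    sport = dport = None
    if proto in (6, 17) and len(l4) >= 4:  # TCP and UDP both start with src/dst port
        sport, dport = struct.unpack("!HH", l4[:4])
    return {"src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
            "proto": proto, "sport": sport, "dport": dport, "ip_len": total_len}


def pcap_to_rows(data: bytes) -> List[Tuple]:
    """Flatten a capture into (ts_sec, ts_usec, src, dst, proto, sport, dport, ip_len) rows."""
    rows = []
    for ts_sec, ts_usec, frame in iter_pcap_records(data):
        f = parse_frame(frame)
        if f is not None:
            rows.append((ts_sec, ts_usec, f["src"], f["dst"], f["proto"],
                         f["sport"], f["dport"], f["ip_len"]))
    return rows


def load_pcap_into_sqlite(data: bytes, db_path: str = ":memory:") -> int:
    """Insert the decoded rows into a 'packets' table; returns the number inserted."""
    conn = sqlite3.connect(db_path)
    conn.execute("CREATE TABLE IF NOT EXISTS packets (ts_sec INTEGER, ts_usec INTEGER, "
                 "src TEXT, dst TEXT, proto INTEGER, sport INTEGER, dport INTEGER, ip_len INTEGER)")
    rows = pcap_to_rows(data)
    conn.executemany("INSERT INTO packets VALUES (?,?,?,?,?,?,?,?)", rows)
    conn.commit()
    conn.close()
    return len(rows)


def build_sample_pcap() -> bytes:
    """Constructed two-record capture: one IPv4/TCP SYN frame and one ARP frame (skipped)."""
    header = struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    dst_mac, src_mac = bytes.fromhex("001122334455"), bytes.fromhex("66778899aabb")
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 5 << 4, 0x02, 8192, 0, 0)  # SYN, no options
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     bytes([10, 0, 0, 1]), bytes([192, 168, 1, 10]))
    frame1 = dst_mac + src_mac + b"\x08\x00" + ip + tcp
    frame2 = dst_mac + src_mac + b"\x08\x06" + bytes(28)  # ARP ethertype, zeroed body
    out = header
    for i, frame in enumerate((frame1, frame2)):
        out += struct.pack("<IIII", 1000000000 + i, 0, len(frame), len(frame)) + frame
    return out


if __name__ == "__main__":
    print("rows inserted:", load_pcap_into_sqlite(build_sample_pcap()))
    for row in pcap_to_rows(build_sample_pcap()):
        print(row)
```

For a real DARPA file, replace `build_sample_pcap()` with `open(path, "rb").read()` and pass a file path instead of `":memory:"`; if `iter_pcap_records` raises on the link type, check the capture with `tcpdump -r file` first, since this example deliberately handles only the Ethernet case.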