Snort mailing list archives
Problem of converting tcpdump.list (.txt) file to pcap format
From: "2014/2015 - Nsabimana Thierry" <thierry.nsabimana () aims-cameroon org>
Date: Sat, 2 Jun 2018 13:29:29 +0100
Hello everyone,

I have applied the DARPA dataset on my implemented IDS using soft computing (Genetic Algorithm and Self Organized Feature Map) to classify and to detect malicious attacks. I used the tcpdump.list (.txt) file, which contains normal connections and abnormal connections, and everything was good.

So, I have tried to apply the same file (tcpdump.list (.txt)) on Snort IDS, but I found that the txt file is not compatible with Snort. I googled the Internet in order to find a converter which can transform a txt file to a pcap file, and I found two command lines:

1) text2pcap tcpdump.list tcpdump.pcap

This actually returns:

    Input from: tcpdump.list
    Output to: tcpdump.pcap
    Output format: PCAP
    Read 113001 potential packets, wrote 0 packets.

This command line is just reading but not writing.

2) od -Ax -tx1 -v tcpdump.list | text2pcap -m1460 -T1234,1234 - tcpdump.pcap

This actually returns the following output:

    Read 113001 potential packets, wrote 113001 packets (172891316 bytes)

This command line was at least good, but the problem with it is that, after converting to a pcap file, the tcpdump.pcap file contains the same source IP address, the same destination IP address, the same source port and destination port, and the same protocol (TCP) for all packets. Some of the packets are posted below:

    13:03:35.000000 IP 10.1.1.1.1234 > 10.2.2.2.1234: Flags [none], seq 0:1460, win 8192, length 1460
    13:03:35.000001 IP 10.1.1.1.1234 > 10.2.2.2.1234: Flags [none], seq 1460:2920, win 8192, length 1460
    13:03:35.000002 IP 10.1.1.1.1234 > 10.2.2.2.1234: Flags [none], seq 2920:4380, win 8192, length 1460
    13:03:35.000003 IP 10.1.1.1.1234 > 10.2.2.2.1234: Flags [none], seq 4380:5840, win 8192, length 1460
    13:03:35.000004 IP 10.1.1.1.1234 > 10.2.2.2.1234: Flags [none], seq 5840:7300, win 8192, length 1460
    13:03:35.000005 IP 10.1.1.1.1234 > 10.2.2.2.1234: Flags [none], seq 7300:8760, win 8192, length 1460
    13:03:35.000006 IP 10.1.1.1.1234 > 10.2.2.2.1234: Flags [none], seq 8760:10220, win 8192, length 1460
    13:03:35.000007 IP 10.1.1.1.1234 > 10.2.2.2.1234: Flags [none], seq 10220:11680, win 8192, length 1460

Could you please help me to find a good converter?

Thank you.

Thierry

--
PhD Student In Computer Science
University of Abomey Calavi, IMSP
Email: thierry.nsabimana () aims-cameroon org <thierry.nsabimana () aims-cameroon org>
Email: thierry.nsabimana () imsp-uac org <thierry.nsabimana () aims-cameroon org>
Tel: +229 61 403 104
AIMS-CAMEROON ALUMNI
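Why the second command gives every packet the same addresses, ports and protocol, as an added example (not part of the original post and not text2pcap's own code): a simplified Python emulation of what `od | text2pcap -m1460 -T1234,1234` does to a text file, which is to cut the file's bytes into 1460-byte chunks and put the same dummy headers in front of each. The sample list lines and their column layout are constructed, and the input file size passed to `totals` is inferred from the post's figures rather than stated there.

```python
import socket
import struct

MAX_PAYLOAD = 1460                        # text2pcap -m1460
SRC_IP, DST_IP = "10.1.1.1", "10.2.2.2"   # addresses visible in the post's output
SPORT = DPORT = 1234                      # text2pcap -T1234,1234
OVERHEAD = 16 + 14 + 20 + 20              # pcap record + Ethernet + IPv4 + TCP headers

# Constructed sample standing in for tcpdump.list; the column layout is an
# assumption for illustration, not taken from the post.
SAMPLE_LIST = b"".join(
    b"%d 01/01/1999 08:00:%02d 00:00:01 http %d 80 172.16.0.%d 192.168.0.%d 0 -\n"
    % (i, i % 60, 1024 + i, i % 250 + 1, i % 200 + 1)
    for i in range(1, 61)
)

def dummy_frame(payload, seq):
    """Wrap raw bytes in fixed Ethernet/IPv4/TCP headers (checksums left at 0)."""
    eth = b"\x00" * 12 + struct.pack("!H", 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 255, 6, 0,
                     socket.inet_aton(SRC_IP), socket.inet_aton(DST_IP))
    tcp = struct.pack("!HHIIBBHHH", SPORT, DPORT, seq, 0, 0x50, 0, 8192, 0, 0)
    return eth + ip + tcp + payload

def emulate_od_text2pcap(text):
    """Cut the file's bytes into MAX_PAYLOAD-sized chunks, one dummy packet each."""
    return [dummy_frame(text[off:off + MAX_PAYLOAD], off)
            for off in range(0, len(text), MAX_PAYLOAD)]

def five_tuple(frame):
    """Read (src, sport, dst, dport, proto) back out of a frame."""
    src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
    sport, dport = struct.unpack("!HH", frame[34:38])
    return src, sport, dst, dport, frame[23]

def totals(text_len):
    """Packet count and total bytes if each packet carries OVERHEAD bytes of framing."""
    packets = -(-text_len // MAX_PAYLOAD)          # ceiling division
    return packets, text_len + packets * OVERHEAD

if __name__ == "__main__":
    frames = emulate_od_text2pcap(SAMPLE_LIST)
    print(len(frames), "packets,", {five_tuple(f) for f in frames})
    print("first payload bytes:", frames[0][54:100])
    # A 164,981,246-byte input (size inferred, not stated in the post) is
    # consistent with the post's "113001 packets (172891316 bytes)".
    print(totals(164981246))
```

The payload of each emulated packet is the ASCII text of the list file itself, so the source and destination recorded on each line end up as packet data rather than in the IP and TCP headers that Snort inspects.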