tcpdump mailing list archives
Re: dataset format
From: Guy Harris <guy () alum mit edu>
Date: Tue, 17 Jan 2012 08:52:25 -0800
On Jan 16, 2012, at 11:11 PM, rehaf drar wrote:
My project name is “creating network attack dataset to aid security and network researchers”. This dataset must include specific types of network attack. I will use pcap format to save the dataset file and the Bit-Twist network generator to regenerate traffic. I need a full description of the file content in pcap that we use to save the dataset of network attacks.
If you mean that you need a full description of the pcap file format, then, if you have a UN*X system with a sufficiently recent version of libpcap installed, "man pcap-savefile" will describe it, and the page at http://wiki.wireshark.org/Development/LibpcapFileFormat?action=show&redirect=Development_2fLibpcapFileFormat also describes it.

As the absolute latest shiniest version of the pcap-savefile man page (which you probably don't have) and the Wireshark Wiki page indicate, the values in the "link-layer header type field" in the file header (called "network" in the data structure in the Wireshark Wiki page, with the comment "/* data link type */") are described by the list at http://www.tcpdump.org/linktypes.html

-
This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
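The savefile layout the reply points to, as an added example that is not part of the original message: a reader for the 24-byte file header (including the "network" link-layer header type field) and the per-packet records, with length checks for untrusted dataset files. The names `parse_pcap` and `build_sample` and the sample bytes are constructed for illustration, and rejecting a captured length above the snapshot length is a strictness choice of this example.

```python
import struct

# The first four bytes are the magic number; seeing it byte-swapped reveals
# the byte order of the host that wrote the file.
MAGICS = {
    b"\xa1\xb2\xc3\xd4": (">", "microseconds"),
    b"\xd4\xc3\xb2\xa1": ("<", "microseconds"),
    b"\xa1\xb2\x3c\x4d": (">", "nanoseconds"),
    b"\x4d\x3c\xb2\xa1": ("<", "nanoseconds"),
}

def parse_pcap(data):
    """Return (file_header, [(ts_sec, ts_frac, orig_len, packet_bytes), ...])."""
    if len(data) < 24 or data[:4] not in MAGICS:
        raise ValueError("not a pcap savefile")
    order, resolution = MAGICS[data[:4]]
    # version_major, version_minor, thiszone, sigfigs, snaplen, network
    major, minor, _zone, _sigfigs, snaplen, network = struct.unpack(
        order + "HHiIII", data[4:24])
    header = {"byte_order": order, "resolution": resolution,
              "version": (major, minor), "snaplen": snaplen, "network": network}
    records, off = [], 24
    while off < len(data):
        if off + 16 > len(data):
            raise ValueError("truncated record header at offset %d" % off)
        ts_sec, ts_frac, incl_len, orig_len = struct.unpack(
            order + "IIII", data[off:off + 16])
        off += 16
        # Lengths come from the file itself, so bound them before slicing.
        if incl_len > snaplen or off + incl_len > len(data):
            raise ValueError("bad captured length %d at offset %d" % (incl_len, off))
        records.append((ts_sec, ts_frac, orig_len, data[off:off + incl_len]))
        off += incl_len
    return header, records

def build_sample():
    """Constructed little-endian capture: one 14-byte Ethernet header, network = 1."""
    frame = bytes.fromhex("ffffffffffff" "020000000001" "0800")
    file_hdr = struct.pack("<IHHiIII", 0xa1b2c3d4, 2, 4, 0, 0, 65535, 1)
    rec_hdr = struct.pack("<IIII", 1326819145, 0, len(frame), len(frame))
    return file_hdr + rec_hdr + frame

if __name__ == "__main__":
    hdr, recs = parse_pcap(build_sample())
    print(hdr, len(recs))
```

The `network` value in the returned header is the number to look up in the link-layer header types list the reply cites.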