Assistance Needed for Running Software and Dataset Preparation

[PiotrKontowicz]

Hello,

I hope this message finds you well. I'm reaching out for assistance with running the software, specifically regarding the correct preparation of the dataset. I've encountered an issue, and I believe it may be related to the dataset structure.

Here's the current structure I'm using:

dataset:
 - pcap_files
     - Aria_1.pcap
     - Aria_2.pcap  
     - ...
     - ...
 - pcap_files_test
     - Aria_1.pcap
     - Aria_2.pcap  
     - ...
     - ...

After running the command java -jar SysID.jar -w dataset -p tcp -m 1, a directory named TsharkSelected is created. However, upon inspection, the file inside this directory named tcp is empty. I'm reaching out to seek guidance on how to rectify this issue and successfully run the software.

Your assistance in resolving this matter is greatly appreciated.

Kind regards, Piotr

[ahmetkadiraksoy]

Hi,

You should first create a folder named Shark and place a file called 'tcp' containing Wireshark fields in it such as:

tcp.srcport tcp.dstport tcp.stream tcp.len tcp.hdr_len ...

The code will then create the TsharkSelected folder and the 'tcp' file inside containing filtered fields.

[PiotrKontowicz]

I appreciate your quick response. At the moment, my setup is as outlined below:

dataset:
 - pcap_files
     - Aria_1.pcap
     - Aria_2.pcap  
     - ...
     - ...
 - pcap_files_test
     - Aria_1.pcap
     - Aria_2.pcap  
     - ...
     - ...
 - Tshark
     - tcp (with content tcp.srcport, tcp.dstport... each on new line)

Despite this, the tcp file within the TsharkSelected directory continues to be empty.

[PiotrKontowicz]

I managed to run the program, but now I wonder if it is possible to provide a list of protocols instead of one as presented in the example?

[ahmetkadiraksoy]

You can use any protocol you want. You just need to make sure to add a file containing the fields for that protocol. You may use the following website to determine the actual header field names that Wireshark/tshark accepts.

https://www.wireshark.org/docs/dfref/ Wireshark · Display Filter Reference: Index wireshark.org

On Nov 30, 2023, at 5:39 AM, Piotr @.***> wrote:

I managed to run the program, but now I wonder if it is possible to provide a list of protocols instead of one as presented in the example?

— Reply to this email directly, view it on GitHub https://github.com/ahmetkadiraksoy/sysid/issues/1#issuecomment-1833599414, or unsubscribe https://github.com/notifications/unsubscribe-auth/AC6QSQ76QDR3VHFAU42IMHDYHBV5PAVCNFSM6AAAAAA7Y325DOVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTQMZTGU4TSNBRGQ. You are receiving this because you commented.