Open qwerfdsaplking opened 6 years ago
It's to adjust the time in the XML files to the time in the pcap files. As my computer uses BST, I found out that they have a 4-hour difference; I'm not sure what timezone the author of ISCX used, though. I also give 10 minutes spare as the times in the XML are not really accurate, so 10 minutes before and after should be fine.
I haven't checked the number of attack packets against the sum of flows in the XML files, but I compared the result to Wireshark and they gave the same results. If you can provide an example, maybe I can analyse it later.
Hello, I'm confused about the time conversion in iscx_dataset_splitter.py. I know the timestamps are different in the pcap file and the XML file, but I wonder why you subtract 4 hours and spare 10 minutes before and after the written time. Besides, I found that the number of attack packets extracted is different from the sum of flows in the XML files. Could you explain this problem? Thanks a lot!
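The window adjustment discussed in this thread, as an added example that is not taken from iscx_dataset_splitter.py: it shifts a flow's XML start/stop times by the 4 hours mentioned above, widens the window by 10 minutes on each side, and labels packets that fall inside it. The field names, the timestamp format, parsing the XML times as UTC, and matching on the host pair are assumptions; the sample flow and packets are constructed.

```python
from datetime import datetime, timedelta, timezone

# Values from the thread: subtract 4 hours, allow 10 minutes of slack each side.
XML_TO_PCAP_SHIFT = timedelta(hours=-4)
SLACK = timedelta(minutes=10)
XML_TIME_FMT = "%Y-%m-%dT%H:%M:%S"  # assumed format of the XML timestamps


def flow_window(start, stop, shift=XML_TO_PCAP_SHIFT, slack=SLACK):
    """Return (lo, hi) in epoch seconds for a flow's naive XML start/stop strings."""
    # Parse as UTC explicitly so the result does not depend on the machine's
    # local timezone (the thread notes the offset was found on a BST machine).
    t0 = datetime.strptime(start, XML_TIME_FMT).replace(tzinfo=timezone.utc)
    t1 = datetime.strptime(stop, XML_TIME_FMT).replace(tzinfo=timezone.utc)
    return (t0 + shift - slack).timestamp(), (t1 + shift + slack).timestamp()


def label_packets(packets, flows):
    """packets: (epoch, src, dst) tuples; flows: dicts with hypothetical keys."""
    windows = [(f["src"], f["dst"], *flow_window(f["start"], f["stop"]))
               for f in flows]
    labels = []
    for ts, src, dst in packets:
        # Match either direction of the host pair inside the widened window.
        hit = any({src, dst} == {a, b} and lo <= ts <= hi
                  for a, b, lo, hi in windows)
        labels.append("attack" if hit else "normal")
    return labels


# Constructed sample data: one attack flow from the XML, five pcap packets.
FLOWS = [{"src": "192.168.2.112", "dst": "192.168.5.122",
          "start": "2010-06-13T12:00:00", "stop": "2010-06-13T12:05:00"}]
BASE = datetime(2010, 6, 13, 8, 0, tzinfo=timezone.utc).timestamp()
PACKETS = [
    (BASE + 60, "192.168.2.112", "192.168.5.122"),   # inside the flow
    (BASE + 90, "192.168.5.122", "192.168.2.112"),   # reply direction
    (BASE - 540, "192.168.2.112", "192.168.5.122"),  # inside the slack only
    (BASE - 660, "192.168.2.112", "192.168.5.122"),  # before the window
    (BASE + 60, "192.168.1.101", "192.168.5.122"),   # different host pair
]

if __name__ == "__main__":
    for pkt, label in zip(PACKETS, label_packets(PACKETS, FLOWS)):
        print(pkt, label)
```

In this example, a packet between the same two hosts that falls in the slack but outside the flow itself is labelled as well, so a packet count from a window match need not equal a flow count from the XML.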