Open yousefbilal opened 7 months ago
Hi @yousefbilal hmm this sounds like a mapping error with the original feature extractor expecting some different pcap structure. You're saying that you are using the same pcap file so I'm not sure what's the issue here.
Can you try printing out the object that the extractor was attempting to find an IP protocol on? Seems like it's mapping over an incorrect node and returning an error because the IP protocol is the first feature the program tries to extract. But that's just my assumption.
It's been a long time since I used this or AttackBench but it seems that there have been no changes made to the original extractor since I made the prebuilt repo.
I just came here to ask if the original kdd99-feature-extractor works out of the box. I am trying it with a simple pcap file of pings, but the program aborts on an assertion:
assert((eth_type == IPV4 && (ip_proto == TCP || ip_proto == UDP || ip_proto == ICMP)) && "Sniffer returned packet that is not (TCP or UDP or ICMP)");
I commented out this assertion and replaced it with
if(...) continue;
, but another assertion aborts the program:
assert(conversation != nullptr && "Attempt to add NULL " "conversation to conversation map. Possible unhadnled IP protocol value");
but I can't do anything with this. However, your program worked from the first try on the same pcap file. If you have any idea what is going on here, please let me know.
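One way to follow the suggestion in the reply above (look at what the extractor reads the IP protocol from), as an added example that is not part of the thread or of kdd99-feature-extractor: it walks a classic pcap buffer and reports, per frame, whether the condition in the first assertion would hold. The function names, verdict strings and the constructed sample capture are assumptions, as is mapping `IPV4`, `TCP`, `UDP` and `ICMP` to their standard protocol numbers.

```cpp
#include <cstdint>
#include <cstdio>
#include <map>
#include <string>
#include <vector>
using Bytes = std::vector<uint8_t>;
// Added example, not the extractor's code. Assumed: the assertion's names are the standard numbers.
constexpr unsigned IPV4 = 0x0800, VLAN = 0x8100, ICMP = 1, TCP = 6, UDP = 17;
static uint32_t rd32(const uint8_t* p, bool le) {  // file headers use the writer's byte order
    uint32_t a = p[le ? 0 : 3], b = p[le ? 1 : 2], c = p[le ? 2 : 1], d = p[le ? 3 : 0];
    return a | b << 8 | c << 16 | d << 24;
}
// Reports whether one frame would satisfy the first assertion and, if not, why.
std::string verdict(const uint8_t* f, size_t n, uint32_t linktype) {
    if (linktype != 1) return "linktype is not Ethernet";  // 1 = LINKTYPE_ETHERNET
    if (n < 14) return "truncated frame";
    uint16_t eth_type = uint16_t(f[12] << 8 | f[13]);      // big-endian on the wire
    if (eth_type == VLAN) return "802.1Q tag before the IP header";
    if (eth_type != IPV4) return "eth_type is not IPV4";
    if (n < 34) return "truncated frame";
    uint8_t ip_proto = f[23];                              // IPv4 protocol field (offset 14 + 9)
    return (ip_proto == TCP || ip_proto == UDP || ip_proto == ICMP) ? "passes" : "other ip_proto";
}
// Walks a classic pcap (not pcapng) buffer and counts frames per verdict.
std::map<std::string, int> classify(const Bytes& b) {
    std::map<std::string, int> out;
    uint32_t magic = b.size() < 24 ? 0 : rd32(b.data(), true);
    bool le = magic == 0xa1b2c3d4 || magic == 0xa1b23c4d;  // micro- or nanosecond variant
    if (!le && magic != 0xd4c3b2a1 && magic != 0x4d3cb2a1) { out["not a classic pcap file"]++; return out; }
    uint32_t linktype = rd32(&b[20], le);
    for (size_t off = 24; off + 16 <= b.size();) {
        uint32_t incl = rd32(&b[off + 8], le);             // captured length of this record
        if (incl > b.size() - off - 16) { out["truncated record"]++; break; }
        out[verdict(&b[off + 16], incl, linktype)]++;
        off += 16 + incl;
    }
    return out;
}
// Constructed sample: an ICMP frame followed by an ARP frame in a little-endian pcap.
Bytes sample() {
    Bytes b = {0xd4,0xc3,0xb2,0xa1, 2,0,4,0, 0,0,0,0, 0,0,0,0, 0xff,0xff,0,0, 1,0,0,0};
    for (int arp = 0; arp < 2; ++arp) {
        Bytes r(16 + 34, 0);                               // record header + 34-byte frame
        r[8] = r[12] = 34;                                 // incl_len, orig_len
        r[16 + 12] = 0x08; r[16 + 13] = arp ? 0x06 : 0x00; r[16 + 14] = 0x45; r[16 + 23] = uint8_t(ICMP);
        b.insert(b.end(), r.begin(), r.end());
    }
    return b;
}
int main() { for (auto& kv : classify(sample())) std::printf("%d x %s\n", kv.second, kv.first.c_str()); }
```

To run it on a real capture, read the file into a `Bytes` buffer and pass that to `classify` in place of `sample()`.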