DARPA Intrusion Detection Evaluation
1999 Training Data - Week 4
The simulation network normally collected data twenty-two hours a day. The tcpslice program was used to examine the outside tcpdump data files and the actual times of the first and last packet were extracted. These times are shown below.
| First Packet Time | Last Packet Time | |||||||||
| Mon | Mar 29 | 08:00:02 | Tue | Mar 30 | 05:59:57 | |||||
| Tue | Mar 30 | N/A | Wed | Mar 31 | N/A | |||||
| Wed | Mar 31 | 08:00:09 | Thu | Apr 1 | 05:59:57 | |||||
| Thu | Apr 1 | 08:00:01 | Fri | Apr 2 | 05:59:49 | |||||
| Fri | Apr 2 | 08:00:00 | Sat | Apr 3 | 05:59:53 | |||||
Monday
| outside tcpdump data | 76,009 Kb | gzipped |
| inside tcpdump data | 87,256 Kb | gzipped |
| Solaris BSM audit data | 3,003 Kb | gzipped |
| NT audit data | 630 Kb | tarred & gzipped |
| Selected directory dumps | 3,512 Kb | tarred & gzipped |
| File system listing & inode record | 7,242 Kb | tarred & gzipped |
Tuesday
| outside tcpdump data | 157,847 Kb | gzipped |
| inside.tcpdump.data | N/A | see errata |
| Solaris BSM audit data | 4,054 Kb | gzipped |
| NT audit data | 13,339 Kb | tarred & gzipped |
| NT audit data | 666 Kb | tarred & gzipped |
| Selected directory dumps | 3,612 Kb | tarred & gzipped |
| File system listing & inode record | 7,292 Kb | tarred & gzipped |
Wednesday
| outside tcpdump data | 158,768 Kb | gzipped |
| inside tcpdump data | 177,223 Kb | gzipped |
| Solaris BSM audit data | 2,756 Kb | gzipped |
| NT audit data | 8,748 Kb | tarred & gzipped |
| NT audit data | 9,678 Kb | tarred & gzipped |
| Selected directory dumps | 3,552 Kb | tarred & gzipped |
| File system listing & inode record | 7,369 Kb | tarred & gzipped |
Thursday
| outside tcpdump data | 196,637 Kb | gzipped |
| inside tcpdump data | 219,701 Kb | gzipped |
| Solaris BSM audit data | 3,093 Kb | gzipped |
| NT audit data | 7,653 Kb | tarred & gzipped |
| NT audit data | 13,327 Kb | tarred & gzipped |
| Selected directory dumps | 3,680 Kb | tarred & gzipped |
| File system listing & inode record | 7,403 Kb | tarred & gzipped |
Friday
| outside tcpdump data | 117,000 Kb | gzipped |
| inside tcpdump data | 87,256 Kb | gzipped |
| Solaris BSM audit data | 3,003 Kb | gzipped |
| NT audit data | 630 Kb | tarred & gzipped |
| Selected directory dumps | 3,621 Kb | tarred & gzipped |
| File system listing & inode record | 7,125 Kb | tarred & gzipped |
Errata.
Tuesday, March 30
Hume's Event logs were collected recently from a backup tape taken after the 4-2 run. There may be Events dated Apr. 24th -- These and any other events not between the specified range of the 4-2 run should be ignored.
There is no "inside.tcpdump" file for this day. Systems will not be held responsible for attacks for which significant evidence of the attack would have been in this file.
top of page