DARPA Intrusion Detection Evaluation
1999 Training Data - Week 3
The simulation network normally collected data twenty-two hours a day. The tcpslice program was used to examine the outside tcpdump data files and the actual times of the first and last packet were extracted. These times are shown below.
| First Packet Time | Last Packet Time | |||||||||
| Mon | Mar 15 | 08:00:02 | Tue | Mar 16 | 06:00:00 | |||||
| Tue | Mar 16 | 08:00:01 | Wed | Mar 17 | 06:00:00 | |||||
| Wed | Mar 17 | 08:00:03 | Thu | Mar 18 | 06:00:00 | |||||
| Thu | Mar 18 | 08:00:02 | Fri | Mar 19 | 04:11:44 | |||||
| Fri | Mar 19 | 08:00:03 | Sat | Mar 20 | 01:02:46 | |||||
During the third week of training data the simulation network was brought down early ( 4:00 AM ) during Thursday's run for extended unscheduled maintenance. We do not collect data on weekends so Fridays run stops at midnight on Friday.
Monday
| outside tcpdump data | 194,136 kb | gzipped |
| inside tcpdump data | 213,814 kb | gzipped |
| Solaris BSM audit data | 0 kb | see errata below |
| NT audit data | 10,583 kb | tarred & gzipped |
| Selected directory dumps | 3,312 kb | tarred & gzipped |
| File & inode listing | 6,970 kb | tarred & gzipped |
Tuesday
| outside tcpdump data | 174,427 kb | gzipped |
| inside tcpdump data | 190,597 kb | gzipped |
| Solaris BSM audit data | 0 kb | see errata below |
| NT audit data | 10,521 kb | tarred & gzipped |
| Selected directory dumps | 3,307 kb | tarred & gzipped |
| File & inode listing | 7,239 kb | tarred & gzipped |
Wednesday
| outside tcpdump data | 259,533 kb | gzipped |
| inside tcpdump data | 268,699 kb | gzipped |
| Solaris BSM audit data | 0 kb | see errata below |
| NT audit data | 180 kb | tarred & gzipped |
| Selected directory dumps | 3,444 kb | tarred & gzipped |
| File & inode listing | 7,114 kb | tarred & gzipped |
Thursday
| outside tcpdump data | 70,702 kb | gzipped |
| inside tcpdump data | 87,249 kb | gzipped |
| Solaris BSM audit data | 3,250 kb | gzipped |
| NT audit data | 13,000 kb | tarred & gzipped |
| Selected directory dumps | 3,352 kb | tarred & gzipped |
| File & inode listing | 3,372 kb | tarred & gzipped |
Friday
| outside tcpdump data | 246,625 kb | gzipped |
| inside tcpdump data | 260,075 kb | gzipped |
| Solaris BSM audit data | 2,644 kb | gzipped |
| NT audit data | 167 kb | tarred & gzipped |
| Selected directory dumps | 3,852 kb | tarred & gzipped |
| File & inode listing | 3,406 kb | tarred & gzipped |
Errata.
The BSM audit data from pascal is unavailable for the first three days of the third week. To compensate, an additional three days of data were collected and are available below.
Extra Monday
| outside tcpdump data | 55,314 kb | gzipped |
| inside tcpdump data | 74,894 kb | gzipped |
| Solaris BSM audit data | 2,881 kb | gzipped |
| NT audit data | 479 kb | tarred & gzipped |
| Selected directory dumps | 3,491 kb | tarred & gzipped |
| File & inode listing | 11,155 kb | tarred & gzipped |
Extra Tuesday
| outside tcpdump data | 208,310 kb | gzipped |
| inside tcpdump data | 221,983 kb | gzipped |
| Solaris BSM audit data | 3,507 kb | gzipped |
| NT audit data | 366 kb | tarred & gzipped |
| Selected directory dumps | 3,487 kb | tarred & gzipped |
| File & inode listing | 7,285 kb | tarred & gzipped |
Extra Wednesday
| outside tcpdump data | 355,622 kb | gzipped |
| inside tcpdump data | 359,980 kb | gzipped |
| Solaris BSM audit data | 6,252 kb | gzipped |
| NT audit data | 1,036 kb | tarred & gzipped |
| Selected directory dumps | 3,532 kb | tarred & gzipped |
| File & inode listing | 7,295 kb | tarred & gzipped |
top of page