Tools for adding training data to the database

import_connections.pl
This script can import connections and associated packets from a connections description file and a tcpdump file.  The default names for the files are tcpdump.list and outside.tcpdump, respectively.  To change these or other parameters (such as the database name, user and password), edit the variables at the beginning of the script.

The connections description file should be in the format used by the DARPA training data sets.  See the README.formats file in the DARPA data documentation for details.  This is available at <http://www.ll.mit.edu/SST/ideval/data/1998/1998_data_index.html>.

Note that we've found the timestamps in the DARPA data differ between the connection list files and tcpdumps.  The difference was a number of hours exactly (often 4 hours).  You should check to make sure you have the right difference before starting an import.
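
One way to check the difference before an import, as an added example that is not part of the import scripts.  It assumes the list file has the entry's date (MM/DD/YYYY) and start time (HH:MM:SS) as its second and third whitespace-separated fields, that the capture is a classic libpcap file, and that the first packet in the capture falls within a few minutes of the earliest listed connection.  All function names and the sample data are made up for the illustration.

```python
import calendar
import struct
import time

def first_packet_epoch(pcap):
    """Epoch seconds of the first record in a classic libpcap file."""
    magic = pcap[:4]
    if magic == b"\xd4\xc3\xb2\xa1":      # written on a little-endian host
        endian = "<"
    elif magic == b"\xa1\xb2\xc3\xd4":    # written on a big-endian host
        endian = ">"
    else:
        raise ValueError("not a classic libpcap file")
    if len(pcap) < 24 + 16:               # global header + one record header
        raise ValueError("capture holds no packet records")
    ts_sec, ts_usec = struct.unpack_from(endian + "II", pcap, 24)
    return ts_sec + ts_usec / 1e6

def list_entry_epoch(line):
    """Start time of one list entry, reading its date and time as if UTC."""
    fields = line.split()
    stamp = time.strptime(fields[1] + " " + fields[2], "%m/%d/%Y %H:%M:%S")
    return calendar.timegm(stamp)

def hour_offset(list_lines, pcap, max_residual=300):
    """Return (whole hours to add to list times, leftover seconds)."""
    earliest = min(list_entry_epoch(l) for l in list_lines if l.strip())
    delta = first_packet_epoch(pcap) - earliest
    hours = round(delta / 3600)
    residual = delta - hours * 3600
    if abs(residual) > max_residual:
        raise ValueError("difference is not a whole number of hours: %.1f s" % delta)
    return hours, residual

# Constructed sample data (not taken from the DARPA set): two list entries and
# a one-record capture stamped 4 hours and 0.5 s after the earliest entry.
SAMPLE_LIST = [
    "1 01/27/1998 08:00:01 00:00:23 ftp 1755 21 192.168.1.30 192.168.0.20 0 -",
    "2 01/27/1998 08:00:09 00:00:02 smtp 1756 25 192.168.1.30 192.168.0.20 0 -",
]
_T0 = calendar.timegm((1998, 1, 27, 12, 0, 1))
SAMPLE_PCAP = (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
               + struct.pack("<IIII", _T0, 500000, 0, 0))

if __name__ == "__main__":
    print(hour_offset(SAMPLE_LIST, SAMPLE_PCAP))
```

For real data, pass the lines of tcpdump.list and the first 40 bytes of outside.tcpdump read in binary mode.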

To import data with this script, make sure the script is in the directory containing the "tcpdump.list" and "outside.tcpdump" files, and run the command
	> ./import_connections.pl

import_packets.pl
You can use this script to import data from a tcpdump file as if it had come from actual network traffic.  As with import_connections.pl, set the relevant parameters in the variables at the beginning of the script.  The default name for the tcpdump file is "outside.tcpdump".

To use the script, make sure it is in the directory containing the "outside.tcpdump" file and run the command
	> ./import_packets.pl
