Program Arguments

Jens Keim edited this page Apr 15, 2019 · 2 revisions

Usage:

./id2t -h
./id2t -l
./id2t -i FILEPATH [-a ATTACKNAME [ATTACKPARAMETER...]] [-c FILEPATH] [-d] [-e] [-ie] [-li] [-o FILEPATH] [-p [PLOT]] [-q [QUERY]] [-r] [-rd] [-rn] [-ry] [-s] [-S RNGSEED] [--skip] [-si [SECONDS]] [-t] [-T] [-V]

required arguments:

  • -h, --help
    shows the available arguments with a short description and exits.

  • -i FILEPATH, --input FILEPATH
    takes the path to the input PCAP dataset and collects statistics from it. Stores the statistics for each dataset in a statistics database located at ~/home/ID2T_data/db/.

  • -l, --list-attacks
    lists available attacks and their parameters

optional arguments:

  • -a ATTACKNAME [ATTACKNAME ...], --attack ATTACKNAME [ATTACKNAME ...]
    injects a new attack into the given dataset. After the ATTACKNAME a list of parameters can follow, e.g., -a PortscanAttack ip.src=10.2.2.4 mac.src=FD:72:69:16:79:13. Multiple attacks can be provided by using the parameter -a multiple times.

  • -c FILEPATH, --config FILEPATH
    takes the path to the configuration file containing the program arguments. This can be used to provide a predefined configuration instead of supplying the arguments directly in the command line. As an example, see the file config_example in the repository.

  • -d, --debug
    Runs ID2T in debug mode.

  • -e, --export
    exports the statistics as a text file into the dataset directory. The file has the same name as the input dataset, but with the ending .stat.

  • -ie, --inject_empty
    injects ATTACK into an EMPTY PCAP file, using the statistics of the input PCAP.

  • -li, --list-intervals
    prints all interval statistics tables available in the database

  • -o PCAP_FILE, --output PCAP_FILE
    path to the output pcap file

  • -p format=pdf, --plot format=pdf
    plots the dataset statistics prior to attack injection. Saves the resulting file as a PDF if format=pdf is given; otherwise the plot is saved as a PNG file.

  • -q [QUERY], --query [QUERY]
    executes the provided QUERY to retrieve values from the statistics database. If no query is provided, the application enters into an interactive query mode allowing the user to provide multiple queries in a REPL-like manner.

  • -r, --recalculate
    forces recalculation of the statistics even if a statistics database generated at an earlier program run already exists. This is helpful during development, e.g., if the statistics calculation changed or the database was manually modified.

  • -rd, --recalculate-delete
    recalculates statistics even if a cached version exists. Also deletes old interval statistics. Suppresses the (yes, no, delete) prompt.

  • -rn, --recalculate-no
    recalculates statistics even if a cached version exists. Does not recalculate old interval statistics, but keeps them. Suppresses the (yes, no, delete) prompt.

  • -ry, --recalculate-yes
    recalculates statistics even if a cached version exists. Also recalculates old interval statistics. Suppresses the (yes, no, delete) prompt.

  • -s, --statistics
    prints general file statistics to stdout.

  • -S RNGSEED [RNGSEED ...], --rndSeed RNGSEED [RNGSEED ...]
    sets the RNG seed for testing or benchmarking

  • --skip
    skips every initialization and goes straight to query mode. CAUTION: this will only work if there already is a database.

  • -si STATISTICS_INTERVAL [STATISTICS_INTERVAL ...], --statistics_interval STATISTICS_INTERVAL [STATISTICS_INTERVAL ...]
    interval duration in seconds

  • -t, --extraTests
    performs extra tests on the input pcap file, including calculating IP entropy interval-wise, TCP checksum, and checking payload availability.

  • -T, --time
    measures packet generation time

  • -V, --non-verbose
    reduces terminal clutter