WITS: Local ISP A-I
| Trace Format | PCAP file captured using tcpdump. |
| Volume on Disk | 4 GB |
| Number of Traces | 5 |
| Capture Start (Local) | Tue Nov 2 14:04:18 1999 |
| Capture End (Local) | Wed Nov 10 06:56:16 1999 |
| Total Duration | 4 Days, 21 Hours, 7 Minutes and 23 Seconds |
| Packets Captured | 52 million |
| Total Traffic | 17 GB |
| Contiguity | None |
| Snapping Method | tcpdump snaplen was set to 256 bytes. |
| Rotation Policy | No file rotation. |
| Anonymization | None |
This is a collection of traces taken at a New Zealand ISP using tcpdump on a Linux box located inside the ISP's internal network. Due to NDA requirements, we cannot disclose the name of the ISP, nor can we offer these traces for public download. Each trace is approximately 24 hours in length.
Each trace file is named using the following format: yyyymmdd-HHMMSS.tcpd.gz. The time and date refers to the local time when the capture was started. Both directions are contained within the single trace; however, the pcap format does not contain any information about a packet's direction so it is not possible to ascertain which direction a packet was travelling in the trace.
This traceset does feature some timestamp-related anomalies. The first is that packets that originated from the capture box itself would cause the timestamps to warp backwards due to a problem with the Linux kernel. Another problem is that in the second trace, 19991103-182803.tcpd.gz, the time was reset on the capture box.
Timestamping within the traces themselves was taken using the system clock. As a result, the timing will be affected by clock drift and a lack of sub-microsecond accuracy, particularly considering that these traces were captured back in 1999. Timing accuracy that we take for granted now was not as readily available or widespread as when this traceset was captured.
The tcpdump snaplen was set to 256 bytes. This means that many packets will contain a significant quantity of layer 7 payload. This may make these traces useful for analysing layer 7 protocol behaviour - particularly those protocols that typically send packets shorter than the snap length used here.
The recommended method for processing these traces is to use Libtrace, which we have developed. There are a number of tools included with libtrace such as a packet dumping utility, a trace format converter (for example, to convert to pcap), a trace splitting/filtering tool and a few statistic generators. We suggest you examine the Libtrace Wiki for more details on the Libtrace tools and the library itself.
| Name | Local Start Time | Duration | Total Packets | Compressed Size |
|---|---|---|---|---|
| 19991102-140418.tcpd | Tue Nov 2 14:04:18 1999 | 28:17:08 | 12 million | 1,112 MB |
| 19991103-182803.tcpd | Wed Nov 3 18:28:03 1999 | 21:40:02 | 9 million | 853 MB |
| 19991104-145645.tcpd | Thu Nov 4 14:56:45 1999 | 22:42:46 | 10 million | 872 MB |
| 19991108-091727.tcpd | Mon Nov 8 09:17:27 1999 | 23:40:31 | 10 million | 870 MB |
| 19991109-084844.tcpd | Tue Nov 9 08:48:44 1999 | 22:07:32 | 9 million | 839 MB |