WITS: Waikato V

Trace Format ERF, captured using a DAG 3 card.
Volume on Disk 491 GB
Number of Traces 114
Capture Start (Local) Tue Jun 5 17:37:21 2007
Capture End (Local) Wed Sep 12 12:55:43 2007
Total Duration 98 Days, 19 Hours, 18 Minutes and 22 Seconds
Packets Captured 19,710 million
Total Traffic 9,740 GB
Contiguity No gaps whatsoever
Snapping Method Packets truncated four bytes after the end of the transport header, except for DNS
Rotation Policy Daily rotation at Midnight UTC. Also rotate on AES key change.
Anonymization IP addresses anonymized using Crypto-Pan AES encryption.
Download Link

This is a contiguous packet header trace captured at the border of the University of Waikato network. The traces were captured using a single DAG 3 card and the WDCap trace capture software. The version of WDCap used was version 3.0.6 and the Libtrace version was 3.0.1.

The capture point was located between the University's network infrastructure and the commodity Internet. This allowed access to all the traffic that was coming into and exiting the University. However, no internal traffic would have been observed and captured by our capture point. The capture machine performed all the anonymization and truncation before exporting the packets via the network to a second machine. That machine was also running WDCap which would read the packets off the network and write the traces.

Each trace file is named using the following format: yyyymmdd-HHMMSS-[code].gz. The time and date refers to the time in UTC when the first packet in the file was captured. The code refers to the event which caused the previous file to be closed and this new file to be created. Note that new codes have been added in this edition of WDCap.

Codes of interest for this traceset are as follows:

  • 0 - Rotation boundary was reached
  • 1 - Encryption key was changed
  • 4 - The capture process has been restarted

Regular file rotation (code 0) occured daily at Midnight (UTC).

Packet records are truncated four bytes after the end of the transport header except in the case of DNS traffic, which is snapped twelve bytes after the end of the transport header. This means that many packets will contain a small amount of user payload - enough to perform some rudimentary layer 7 analysis without seriously threatening the privacy of the network users. ICMP packets which are truncated after any IP and transport headers that may be present in the packet payload.

The IP addresses contained within the packets have been anonymised using Crypto-Pan AES encryption, which is a prefix-preserving anonymisation method. This means that unanonymised IP addresses that were on the same subnet will also be identifiable as on the same subnet when the addresses are anonymized. We change the encryption key once a week on Sunday midnight (local time). This key change causes a file rotation, with a rotation code of 1.

The TCP and IP checksums have also been validated and anonymized. If the checksum was correct, it has been replaced with 0. If the checksum was incorrect, it has been replaced with 1.

The recommended method for processing these traces is to use Libtrace, which we have developed. There are a number of tools included with libtrace such as a packet dumping utility, a trace format converter (for example, to convert to pcap), a trace splitting/filtering tool and a few statistic generators. We suggest you examine the Libtrace Wiki for more details on the Libtrace tools and the library itself.

Name Local Start Time Duration Total Packets Compressed Size
20070605-053721-0 Tue Jun 5 17:37:21 2007 18:22:39 122 million 3,010 MB
20070606-000000-0 Wed Jun 6 12:00:01 2007 24:00:00 206 million 5,138 MB
20070607-000000-0 Thu Jun 7 12:00:01 2007 24:00:00 216 million 5,387 MB
20070608-000000-0 Fri Jun 8 12:00:01 2007 24:00:00 173 million 4,299 MB
20070609-000000-0 Sat Jun 9 12:00:01 2007 12:00:02 84 million 2,068 MB
20070609-120002-1 Sun Jun 10 00:00:02 2007 11:59:58 42 million 1,036 MB
20070610-000000-0 Sun Jun 10 12:00:01 2007 24:00:00 160 million 3,933 MB
20070611-000000-0 Mon Jun 11 12:00:01 2007 24:00:00 210 million 5,231 MB
20070612-000000-0 Tue Jun 12 12:00:01 2007 24:00:00 205 million 5,073 MB
20070613-000000-0 Wed Jun 13 12:00:01 2007 24:00:00 187 million 4,654 MB
20070614-000000-0 Thu Jun 14 12:00:01 2007 24:00:00 195 million 4,905 MB
20070615-000000-0 Fri Jun 15 12:00:01 2007 24:00:00 158 million 3,954 MB
20070616-000000-0 Sat Jun 16 12:00:01 2007 12:00:01 58 million 1,415 MB
20070616-120001-1 Sun Jun 17 00:00:01 2007 11:59:59 34 million 853 MB
20070617-000000-0 Sun Jun 17 12:00:01 2007 24:00:00 133 million 3,267 MB
20070618-000000-0 Mon Jun 18 12:00:01 2007 24:00:00 202 million 5,120 MB
20070619-000000-0 Tue Jun 19 12:00:01 2007 24:00:00 199 million 5,120 MB
20070620-000000-0 Wed Jun 20 12:00:01 2007 24:00:00 179 million 4,532 MB
20070621-000000-0 Thu Jun 21 12:00:01 2007 24:00:00 189 million 4,729 MB
20070622-000000-0 Fri Jun 22 12:00:01 2007 24:00:00 141 million 3,507 MB
20070623-000000-0 Sat Jun 23 12:00:01 2007 12:00:01 58 million 1,408 MB
20070623-120002-1 Sun Jun 24 00:00:02 2007 11:59:59 34 million 852 MB
20070624-000000-0 Sun Jun 24 12:00:01 2007 24:00:00 115 million 2,833 MB
20070625-000000-0 Mon Jun 25 12:00:01 2007 24:00:00 168 million 4,204 MB
20070626-000000-0 Tue Jun 26 12:00:01 2007 24:00:00 162 million 4,074 MB
20070627-000000-0 Wed Jun 27 12:00:01 2007 24:00:00 167 million 4,189 MB
20070628-000000-0 Thu Jun 28 12:00:01 2007 24:00:00 164 million 4,033 MB
20070629-000000-0 Fri Jun 29 12:00:01 2007 24:00:00 135 million 3,321 MB
20070630-000000-0 Sat Jun 30 12:00:01 2007 12:00:01 53 million 1,290 MB
20070630-120002-1 Sun Jul 1 00:00:02 2007 11:59:59 27 million 684 MB
20070701-000000-0 Sun Jul 1 12:00:01 2007 24:00:00 124 million 3,006 MB
20070702-000000-0 Mon Jul 2 12:00:01 2007 24:00:00 175 million 4,350 MB
20070703-000000-0 Tue Jul 3 12:00:01 2007 24:00:00 186 million 4,736 MB
20070704-000000-0 Wed Jul 4 12:00:01 2007 24:00:00 171 million 4,276 MB
20070705-000000-0 Thu Jul 5 12:00:01 2007 24:00:00 184 million 4,608 MB
20070706-000000-0 Fri Jul 6 12:00:01 2007 24:00:00 167 million 4,220 MB
20070707-000000-0 Sat Jul 7 12:00:01 2007 12:00:02 74 million 1,896 MB
20070707-120002-1 Sun Jul 8 00:00:02 2007 11:59:58 35 million 908 MB
20070708-000000-0 Sun Jul 8 12:00:01 2007 24:00:00 160 million 4,064 MB
20070709-000000-0 Mon Jul 9 12:00:01 2007 24:00:00 203 million 5,121 MB
20070710-000000-0 Tue Jul 10 12:00:01 2007 24:00:00 209 million 5,309 MB
20070711-000000-0 Wed Jul 11 12:00:01 2007 24:00:00 242 million 6,181 MB
20070712-000000-0 Thu Jul 12 12:00:01 2007 24:00:00 231 million 5,913 MB
20070713-000000-0 Fri Jul 13 12:00:01 2007 24:00:00 221 million 5,795 MB
20070714-000000-0 Sat Jul 14 12:00:01 2007 12:00:02 83 million 2,125 MB
20070714-120002-1 Sun Jul 15 00:00:02 2007 11:59:58 43 million 1,099 MB
20070715-000000-0 Sun Jul 15 12:00:01 2007 24:00:00 189 million 4,843 MB
20070716-000000-0 Mon Jul 16 12:00:01 2007 24:00:00 260 million 6,752 MB
20070717-000000-0 Tue Jul 17 12:00:01 2007 24:00:00 265 million 6,998 MB
20070718-000000-0 Wed Jul 18 12:00:01 2007 24:00:00 267 million 7,074 MB
20070719-000000-0 Thu Jul 19 12:00:01 2007 24:00:00 309 million 8,285 MB
20070720-000000-0 Fri Jul 20 12:00:01 2007 24:00:00 233 million 6,062 MB
20070721-000000-0 Sat Jul 21 12:00:01 2007 12:00:01 89 million 2,275 MB
20070721-120001-1 Sun Jul 22 00:00:01 2007 11:59:59 51 million 1,275 MB
20070722-000000-0 Sun Jul 22 12:00:01 2007 24:00:00 189 million 4,796 MB
20070723-000000-0 Mon Jul 23 12:00:01 2007 24:00:00 303 million 7,977 MB
20070724-000000-0 Tue Jul 24 12:00:01 2007 24:00:00 304 million 7,956 MB
20070725-000000-0 Wed Jul 25 12:00:01 2007 24:00:00 255 million 6,722 MB
20070726-000000-0 Thu Jul 26 12:00:01 2007 24:00:00 264 million 6,855 MB
20070727-000000-0 Fri Jul 27 12:00:01 2007 24:00:00 183 million 4,705 MB
20070728-000000-0 Sat Jul 28 12:00:01 2007 12:00:01 86 million 2,185 MB
20070728-120002-1 Sun Jul 29 00:00:02 2007 11:59:59 39 million 981 MB
20070729-000000-0 Sun Jul 29 12:00:01 2007 24:00:00 202 million 5,257 MB
20070730-000000-0 Mon Jul 30 12:00:01 2007 24:00:00 260 million 6,907 MB
20070731-000000-0 Tue Jul 31 12:00:01 2007 24:00:00 252 million 6,456 MB
20070801-000000-0 Wed Aug 1 12:00:01 2007 24:00:00 251 million 6,497 MB
20070802-000000-0 Thu Aug 2 12:00:01 2007 24:00:00 249 million 6,514 MB
20070803-000000-0 Fri Aug 3 12:00:01 2007 24:00:00 201 million 5,216 MB
20070804-000000-0 Sat Aug 4 12:00:01 2007 12:00:01 127 million 3,378 MB
20070804-120001-1 Sun Aug 5 00:00:01 2007 11:59:59 47 million 1,205 MB
20070805-000000-0 Sun Aug 5 12:00:01 2007 24:00:00 198 million 5,039 MB
20070806-000000-0 Mon Aug 6 12:00:01 2007 24:00:00 283 million 7,531 MB
20070807-000000-0 Tue Aug 7 12:00:01 2007 24:00:00 295 million 7,651 MB
20070808-000000-0 Wed Aug 8 12:00:01 2007 24:00:00 306 million 8,145 MB
20070809-000000-0 Thu Aug 9 12:00:01 2007 24:00:00 303 million 8,060 MB
20070810-000000-0 Fri Aug 10 12:00:01 2007 24:00:00 213 million 5,579 MB
20070811-000000-0 Sat Aug 11 12:00:01 2007 12:00:01 115 million 2,996 MB
20070811-120001-1 Sun Aug 12 00:00:01 2007 11:59:59 58 million 1,484 MB
20070812-000000-0 Sun Aug 12 12:00:01 2007 24:00:00 226 million 5,896 MB
20070813-000000-0 Mon Aug 13 12:00:01 2007 24:00:00 269 million 7,002 MB
20070814-000000-0 Tue Aug 14 12:00:01 2007 24:00:00 255 million 6,595 MB
20070815-000000-0 Wed Aug 15 12:00:01 2007 24:00:00 266 million 6,953 MB
20070816-000000-0 Thu Aug 16 12:00:01 2007 24:00:00 266 million 7,085 MB
20070817-000000-0 Fri Aug 17 12:00:01 2007 24:00:00 225 million 6,031 MB
20070818-000000-0 Sat Aug 18 12:00:01 2007 12:00:01 100 million 2,674 MB
20070818-120002-1 Sun Aug 19 00:00:02 2007 11:59:59 54 million 1,401 MB
20070819-000000-0 Sun Aug 19 12:00:01 2007 24:00:00 196 million 4,997 MB
20070820-000000-0 Mon Aug 20 12:00:01 2007 24:00:00 234 million 6,109 MB
20070821-000000-0 Tue Aug 21 12:00:01 2007 24:00:00 211 million 5,474 MB
20070822-000000-0 Wed Aug 22 12:00:01 2007 24:00:00 214 million 5,444 MB
20070823-000000-0 Thu Aug 23 12:00:01 2007 24:00:00 181 million 4,570 MB
20070824-000000-0 Fri Aug 24 12:00:01 2007 24:00:00 188 million 4,891 MB
20070825-000000-0 Sat Aug 25 12:00:01 2007 12:00:02 89 million 2,334 MB
20070825-120002-1 Sun Aug 26 00:00:02 2007 11:59:58 58 million 1,527 MB
20070826-000000-0 Sun Aug 26 12:00:01 2007 24:00:00 163 million 4,150 MB
20070827-000000-0 Mon Aug 27 12:00:01 2007 24:00:00 231 million 5,846 MB
20070828-000000-0 Tue Aug 28 12:00:01 2007 24:00:00 185 million 4,569 MB
20070829-000000-0 Wed Aug 29 12:00:01 2007 24:00:00 192 million 4,851 MB
20070830-000000-0 Thu Aug 30 12:00:01 2007 24:00:00 206 million 5,132 MB
20070831-000000-0 Fri Aug 31 12:00:01 2007 24:00:00 132 million 3,308 MB
20070901-000000-0 Sat Sep 1 12:00:01 2007 12:00:01 64 million 1,649 MB
20070901-120002-1 Sun Sep 2 00:00:02 2007 11:59:59 25 million 613 MB
20070902-000000-0 Sun Sep 2 12:00:01 2007 24:00:00 117 million 2,816 MB
20070903-000000-0 Mon Sep 3 12:00:01 2007 24:00:00 258 million 6,633 MB
20070904-000000-0 Tue Sep 4 12:00:01 2007 24:00:00 226 million 5,794 MB
20070905-000000-0 Wed Sep 5 12:00:01 2007 24:00:00 220 million 5,600 MB
20070906-000000-0 Thu Sep 6 12:00:01 2007 24:00:00 202 million 5,049 MB
20070907-000000-0 Fri Sep 7 12:00:01 2007 24:00:00 200 million 4,958 MB
20070908-000000-0 Sat Sep 8 12:00:01 2007 12:00:01 86 million 2,060 MB
20070908-120002-1 Sun Sep 9 00:00:02 2007 11:59:59 44 million 1,084 MB
20070909-000000-0 Sun Sep 9 12:00:01 2007 24:00:00 192 million 4,795 MB
20070910-000000-0 Mon Sep 10 12:00:01 2007 24:00:00 283 million 7,298 MB
20070911-000000-0 Tue Sep 11 12:00:01 2007 24:00:00 251 million 6,499 MB
20070912-000000-0 Wed Sep 12 12:00:01 2007 0:55:42 15 million 408 MB