WITS: Auckland I

Trace Format ERF, having been converted from the original DAG 2 format.
Volume on Disk 2 GB
Number of Traces 7
Capture Start (Local) Mon Jul 5 10:37:46 1999
Capture End (Local) Mon Jul 12 14:14:12 1999
Total Duration 6 Days, 23 Hours, 56 Minutes and 21 Seconds
Packets Captured 169 million
Total Traffic 8 GB
Contiguity Small gaps between each trace.
Rotation Policy No genuine rotation policy but traces are approximately 24 hours long.

This is a collection of long traces taken using a pair of DAG 2 cards at the University of Auckland. The traces were targeted at 24 hour runs but the XILINX image used on the DAG cards did not support fast interrupts nor reliably reading the PPS timestamp register which meant the timing was not GPS synchronized. This probably accounts for the slight variations in trace duration and should be also be taken into account when performing analysis that relies on the timestamps within the packets.

Unfortunately, documentation about this traceset and how it was captured is minimal particularly because it has not been previously released to the public (to our knowledge, at least). We assume that the capture point was installed in a similar location to Auckland II but we cannot confirm that for certain.

The traces were originally captured using a very early DAG format, which libtrace does not understand. We decided it would be easiest if we simply converted this traceset into the modern ERF format, so the traces described here are the ERF conversions of the original traces. We still have copies of the traces in their original format. One advantage of the ERF conversion is that we have combined together the originally separate traces for each direction into a single bidirectional trace.

Each trace file is named using the following format: yyyymmdd-HHMMSS.erf.gz. The time and date refers to the local time when the capture was started.

All non-IP traffic has probably been discarded (again, we don't know for sure), in which case there will only be TCP, UDP and ICMP traffic present in the trace. User payload within the 52 byte capture record has not been zeroed in these traces. Additionally, the traces have not been anonymized in any other fashion, although it is likely we will anonymize the contents of any traces that we make available for public download.

The recommended method for processing these traces is to use Libtrace, which we have developed. There are a number of tools included with libtrace such as a packet dumping utility, a trace format converter (for example, to convert to pcap), a trace splitting/filtering tool and a few statistic generators. We suggest you examine the Libtrace Wiki for more details on the Libtrace tools and the library itself.

Name Local Start Time Duration Total Packets Compressed Size
19990705-103746.erf Mon Jul 5 10:37:46 1999 24:00:09 26 million 471 MB
19990706-110050.erf Tue Jul 6 11:00:50 1999 23:59:25 25 million 442 MB
19990707-120643.erf Wed Jul 7 12:06:43 1999 23:59:25 26 million 464 MB
19990708-121553.erf Thu Jul 8 12:15:53 1999 23:59:50 29 million 532 MB
19990709-135339.erf Fri Jul 9 13:53:39 1999 23:59:04 23 million 404 MB
19990710-140354.erf Sat Jul 10 14:03:54 1999 23:58:24 13 million 235 MB
19990711-141408.erf Sun Jul 11 14:14:08 1999 24:00:04 23 million 410 MB