(Sorted by associated publication year, not by trace collection year.)

2023

Investigating Traffic Analysis Attacks on Apple iCloud Private Relay

• Documentation
• ipr_asiaccs23.tar.xz - 1.8 GB
• Publications
  • Ali Zohaib, Jade Sheffey, and Amir Houmansadr. Investigating Traffic Analysis Attacks on Apple iCloud Private Relay. In Proc. of ACM ASIA Conference on Computer and Communications Security 2023. link

2022

Practical Traffic Analysis on Secure Messaging Applications

• GitHub link
• Documentation
• pta-sma.tar.xz - 38 GB

2019

On the Importance of Encrypted-SNI (ESNI) to Censorship Circumvention

• Documentation: markdown | html
• foci19_esni.tar.bz2 - 8.9 GB
• Publications
  • Zimo Chai, Amirhossein Ghafari, Amir Houmansadr. On the Importance of Encrypted-SNI (ESNI) to Censorship Circumvention. In Proc. of USENIX Workshop on Free and Open Communications on the Internet, 2019. link

2018

DeepCorr: Strong Flow Correlation Attacks on Tor Using Deep Learning

Data (timing and sizes of Tor traffic flows) and code (to parse the flows and build models) from this paper.

• Documentation
• deepcorr.tar.bz2 - 1 GB
• parsing / modeling code
• GitHub link
• Publications
  • Milad Nasr, Alireza Bahramali, Amir Houmansadr. DeepCorr: Strong Flow Correlation Attacks on Tor Using Deep Learning. ACM CCS, 2018. link

2015

Simple Timing Attack on OneSwarm

Patches to enable a simple timing attack on the OneSwarm peer-to-peer data sharing network, a trace of the results of executing this attack, and a Monte Carlo simulation to show the efficacy of this attack at scale. More details are in the paper and accompanying documentation.

(Note that the details of the optimistic ACKing attack are included in the 2011 entry below.)

• Documentation
• oneswarm-timing-attack-simulation.tar.gz - 3 KB
• oneswarm-timing-attack-code.tar.gz - 3 KB
• oneswarm-timing-attack-trace.csv.bz2 - 26 KB
• Publications:
  • George Bissias, Brian Neil Levine, Marc Liberatore, and Swagatika Prusty. Forensic Identification of Anonymous Sources in OneSwarm. IEEE Transactions on Dependable and Secure Computing, 2015. link

2014

Cellular Localization Simulation Code

Matlab code for performing a passive localization attack simulation on the Reality Mining dataset. More details are in the paper and accompanying documentation.

• Documentation
• location-privacy-simulation.tar.gz - 3 KB
• Publications:
  • Keen Sung, Brian Neil Levine, and Marc Liberatore. Location Privacy without Carrier Cooperation. Proceedings of the IEEE Workshop on Mobile System Technologies (MoST), May 2014. PDF

2013

TCP Packets and Ethernet Frames

A collection of TCP packets and ethernet frames captured locally (and for the former, remotely), including some background traffic. More details are in the paper and accompanying documentation.

• Documentation
• Blocal.tar.gz - 461 MB
• Bremote_house1_linux_cap.tar.gz - 572 MB
• Bremote_house1_linux_tmp.tar.gz - 71 MB
• Bremote_house1_linux_wshark.tar.gz - 51 MB
• Bremote_house1_windows_cap.tar.gz - 2.0 GB
• Bremote_house1_windows_tmp.tar.gz - 17 MB
• Bremote_house1_windows_wshark.tar.gz - 13 MB
• Bremote_houses2-to-8.tar.gz - 81 MB
• Publications:
  • Sookhyun Yang, Jim Kurose, and Brian Neil Levine. Disambiguation of Residential Wired and Wireless Access in a Forensic Setting. Proceedings of the IEEE INFOCOM Mini-Conference, April, 2013. PDF

Cellular Phone GPS, Signal Strength, and TCP Data

A collection of TCP (pcap) and GPS/signal strength (gpx) traces. The files were generated by streaming music to mobile phones in the Amherst area. The traces contain only the TCP headers, and not the payload. More details are in the paper and accompanying documentation.

• Documentation
• cellular_localization_gpx.tar.xz - 3.1 MB
• cellular_localization_pcap_A.tar.xz - 571 MB
• cellular_localization_pcap_B.tar.xz - 148 MB
• cellular_localization_pcap_C.tar.xz - 416 MB
• cellular_localization_pcap_D.tar.xz - 108 MB
• Publications:
  • Hamed Soroush, Keen Sung, Erik Learned-Miller, Brian Neil Levine, and Marc Liberatore. Disabling GPS is Not Enough: Cellular location leaks over the Internet. Proceedings of the Privacy Enhancing Technologies Symposium (PETS), July 2013. PDF

2011

Optimistic TCP ACKing

A collection of traces of well-behaved and overly-optimistic TCP ACKing file retrievals. The files were retrieved either from a directly-connected host, or proxied by that host. The traces include only the TCP headers, and not the payload. Also available is the code necessary to reproduce the measurements. More details are in the paper and README.

• Documentation
• optack-traces.tar.xz - 69 MB
• optack-code.tar.bz2 - 36 KB
• Publications:
  • Swagatika Prusty, Brian Neil Levine, and Marc Liberatore. Forensic Investigation of the OneSwarm Anonymous Filesharing System. Proceedings of the 18th ACM Conference on Computer and Communications Security (CCS 2011). PDF

2008

DieselNet Fall 2007

These traces were collected in UMass DieselNet in the months October-November 2007. See the documentation and related publication for details.

• Documentation
• release.tar.gz - 57MB
• Publications:
  • Relays, Base Stations, and Meshes: Enhancing Mobile Networks with Infrastructure. Nilanjan Banerjee, Mark D. Corner, Don Towsley, and Brian Neil Levine. In Proceedings of ACM MobiCom, San Francisco, CA, USA, September 2008.

DieselNet Fall 2007 - AP Connectivity

This set of traces were collected from UMass DieselNet during the Fall semester of 2007. The traces contain connection times and durations between two buses and between a bus and an AP.

• Documentation
• mobicom-traces.tar.gz - 2.6MB
• Publications:
  • Aruna Balasubramanianm Brian Neil Levine and Arun Venkataramani, “Enabling Interactive Applications for Hybrid Networks” in Proceedings of ACM Mobicom, September 2008. PDF

DieselNet Vifi - AP Connectivity from a bus

This set of DieselNet traces were compiled in December 2007 and contains the connection quality between one bus and APs on the road. The connection quality is measured using AP beacons heard by the bus on a per second granularity.

• Documentation
• release.zip - 6.3MB
• Publications:
  • Aruna Balasubramanian, Ratul Mahajan, Arun Venkataramani, Brian Neil Levine and John Zahorjan, “Interactive WiFi Connectivity for Moving Vehicles”, Proc. ACM Sigcomm 2008. PDF

YouTube Traces From the Campus Network

A collection of traces from a campus network measurement on YouTube traffic. This collection contains trace data about user requests for specific YouTube content. Detailed information about the measurement setup and procedure can be found in the paper below. The data covers a measurement period between June 2007 and March 2008.

• Documentation
• youtube_traces.tgz
• Publications:
  • Michael Zink, Kyoungwon Suh, Yu Gu and Jim Kurose, “Watch Global Cache Local: YouTube Network Traces at a Campus Network - Measurements and Implications”, 2008 IEEE MMCN. pdf

2007

DieselNet Throwbox - Summer 2006

The trace was collected during the throwbox deployment in UMass DieselNet in Summer 2006. The traces contain bus-bus transfer records and bus-throwbox transfer records. See the documentation for details:

• Documentation
• DieselNetThrowbox.tar.gz
• Publications:
  • An Energy-Efficient Architecture for DTN Throwboxes. Nilanjan Banerjee, Mark D. Corner, Brian Levine. In Infocom 2007.

DieselNet - Access Point Connectivity

This trace was collected during the DieselNet deployment in Spring 2007 characterizing connection between a bus and an open access point.

• Documentation
• APConnectivitySpring2007.zip
• Publications:
  • Aruna Balasubramanian, Yun Zhou, W. Bruce Croft, Brian. N. Levine and Arun Venkataramani,”Web Search From a Bus” ACM Mobicom Workshop on Challenged Networks (CHANTS 07), Montreal, Canada, Sept 2007.

DieselNet - Spring 2007

This set of traces were collected from UMass DieselNet during the spring semester of 2007. See the documentaion and related publication for details.

• Documentation
• DieselNetSpring2007.tgz
• Publications:
  • Aruna Balasubramanianm Brian Neil Levine and Arun Venkataramani, “DTN Routing as a Resource Allocation Problem” in Proceedings of ACM Sigcomm, August 2007. PDF

DieselNet - Spring 2006

This set of traces were collected from UMass DieselNet during the spring semester of 2006. In addition to the bus-to-bus transfer records, the traces also include the bus-to-AP checkin records, and dispatching records (bus id to shift mapping). See the documentaion and related publication for details.

• Documentation
• DieselNetTraces.tgz
• Publications:
  • Study of a Bus-Based Disruption Tolerant Network: Mobility Modeling and Impact on Routing. Xiaolan Zhang, Jim Kurose, Brian Levine, Don Towsley, and Honggang Zhang, ACM MobiCom 2007.

Long-distance 802.11 point-to-point links

A collection of traces from a wireless measurement with directional antennas. Contains Iperf throughput data, tcdump traces and wireless signal strength information. Detailed information about the measurement setup and the configuration of the wireless links can be found in the documentation below.

• Technical Report
• Measurement Study
• wireless_traces.tar.gz - 1.5 GB

2006

DieselNet - Spring 2005

UMass DieselNet: A Bus-based Disruption Tolerant Network. This is a network operating between approximately 30 of the 40 buses running routes serviced by UMassTransit; schedules and routes may be found here. This set of DieselNet logs was compiled during the Spring semester of 2005. The full trace description is available below.

• Documentation
• UMassDieselNet_Spring2005.tar.gz - 626K
• Publications:
  • John Burgess, Brian Gallagher, David Jensen, Brian Neil Levine, MaxProp: Routing for Vehicle-Based Disruption-Tolerant Networking, IEEE Infocom 2006. April 2006. PDF

Gateway Link 2 Trace

Gateway link trace from gigabit ethernet connection entering UMass. The trace contains anonymized packet headers for all non-Internet2 traffic. A full description of the trace format and the utilities to parse the binary files are available with the documentation.

• Documentation
• skype-relay-detection.tgz - 14 GB (How to get access)
• Publications:
  • Kyoungwon Suh, Daniel R. Figueredo, Jim Kurose, Don Towsley, “Characterizing and detecting Skype-relayed traffic”, Proceedings of IEEE INFOCOM, 2006. ftp://gaia.cs.umass.edu/pub/Suh06_skyperelay.pdf

Gateway Link 4 Trace

Gateway link trace from gigabit ethernet connection entering UMass. The trace contains anonymized packet headers for non-Internet2 traffic sourced from/destined to the hosts connected to public wireless access points (AP) and computer science network at UMass campus. A full description of the trace format and the utilities to parse the binary files are available with the documentation.

• Documentation
• wireless-ap-detection.20061013-1020.tgz - 6.3 GB (How to get access)
• Publications:
  • Wei Wei, Kyoungwon Suh, Bing Wang, Yu Gu, Jim Kurose, Don Towsley, “Passive online rogue access point detection using sequential hypothesis testing with TCP ACK-Pairs, ACM SIGCOMM 2007.

UPRM Wireless Traces

A collection of wireless traces from the University of Puerto Rico. Contains wireless signal strength measurements for Dell and Thinkpad laptops. Tests were performed over distances of 500 feet and one mile. Data is presented in .cap files giving TCP dump packet headers.

These traces were gathered as part of an undergraduate course taught by Jim Kurose and Mike Zink. See http://www-net.cs.umass.edu/cs496a/ for details.

• Documentation
• uprm-wireless.tar.gz - 91 MB

WebIdent 2 Traces

A collection of traces of web requests and responses over an encrypted SSH tunnel. The collection spans traces of connections to 2000 sites, collected four times a day over several months from February 2006 through April 2006. Each connection was encrypted; the traces include only the TCP headers, and not the payload. More details are in the paper and README.

• Documentation
• pcap-logs-0.tar.bz2 - 672 MB
• pcap-logs-1.tar.bz2 - 626 MB
• pcap-logs-2.tar.bz2 - 630 MB
• pcap-logs-3.tar.bz2 - 640 MB
• pcap-logs-incomplete.tar.bz2 - 107 MB
• Publications:
  • Marc Liberatore and Brian Neil Levine, Inferring the Source of Encrypted HTTP Connections. Proceedings of the 13th ACM Conference on Computer and Communications Security (CCS 2006). PDF

2005

Gateway Link 1 Trace

Gateway link trace from gigabit ethernet connection entering UMass. The trace contains anonymized packet headers for all non-Internet2 traffic. A full description of the trace format and the utilities to parse the binary files are available with the documentation.

• Documentation
• trace.tgz - 382 MB (How to get access)
• Publications:
  • Kyoungwon Suh, Yang Guo, Jim Kurose, Don Towsley, “Locating Network Monitors: Complexity, Heuristics, and Coverage”, Journal of Computer Communications, a special issue on Monitoring and Measurements of IP Networks, Elsevier, 2005. PDF
  • Wei Wei, Sharad Jaiswal, Jim Kurose, Don Towsley “Identifying 802.11 Traffic from Passive Measurements Using Iterative Bayesian Inference” To appear in Infocom 2006. PDF
  • More related publications are available here.

Gateway Link 3 Trace

This is a collection of traces taken at the UMASS OIT gateway router. The traces are collected every morning from 9:30 to 10:30 from July 9th, 2004 to July 22nd, 2004. They are in DAG format. All the IP addresses have been anonymized with prefix preserving algorithms. Part of the data is used in the paper “Detecting Anomalies in Network Traffic Using Maximum Entropy Estimation” by Yu Gu, Andrew McCallum and Don Towsley. More details are in the paper and README.

• Documentation
• anomaly-detection.20040709-0722.tgz - 12 GB (How to get access)
• Publications:
  • Yu Gu, Andrew McCallum, Don Towsley, “Detecting Anomalies in Network Traffic Using Maximum Entropy Estimation”, Proceedings of the 2005 Internet Measurement Conference (IMC 2005). PDF

WebIdent Traces

A collection of traces of web requests and responses. The collection spans traces of connections to 100 sites, collected hourly over several months from November 2003 through March 2004. Each connection was encrypted; the traces include only the TCP headers, and not the payload. More details are in the paper and README.

• Documentation
• Trace 1: 10/2003 - 224 MB
• Trace 2: 11/2003 - 937 MB
• Trace 3: 12/2003 - 830 MB
• Trace 4: 1/2004 - 305 MB
• Trace 5: 2/2004 - 270 MB
• Trace 6: 3/2004 - 790 MB
• Publications:
  • George Dean Bissias and Marc Liberatore and Brian Neil Levine, Privacy Vulnerabilities in Encrypted HTTP Streams. Proceedings of the Privacy Enhancing Technologies Workshop (PET 2005). PDF

P2P / OpenNap data

The data were collected from a campus network for P2P file sharing based on the OpenNap server. The data consist of records of all the mp3 files shared by and transferred between users during an 81-day period between February 28, 2003 and May 21, 2003. Trace documentation is available below.

• Documentation
• p2p-schema.html
• p2p-data.xml.tgz - 223 MB
• Publications:
  • Fast, A., D. Jensen, B.N. Levine. Creating social networks to improve peer-to-peer networking. Proceedings of the 11th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining (2005). PDF

2004

BitTorrent Logs

Statistics pages from two large trackers, late 2003 to early 2004. The pages are HTML output from a PHP script, so you will need to parse them yourself to extract useful information. The data is sufficiently anonymized; the tracker did not provide IP address information about connected hosts nor did it provide information about the content of running torrents. Clients are identified using a session-unique 40-character ID, and torrents are uniquely identified using a similar key.

• chunk1.iso - 691 MB
• chunk2.iso - 691 MB
• chunk3.iso - 691 MB
• Publications:
  • Exploring the Use of BitTorrent as the Basis for a Large Trace Repository, Anthony Bellissimo, Prashant Shenoy, and Brian Neil Levine, Technical Report 04-41, Department of Computer Science, University of Massachusetts, June 2004. PDF