Submitting traces to the Archive
Traces contributed to the archive should include either a text or
HTML file giving the following information:
A general description of the traffic trace (e.g., "one hour
of all TCP traffic between the University of Southern California
and the rest of the world"; "HTTP server logs for a departmental
Trace format. Preferred formats are
for raw traces, and fixed-column ASCII for reduced traces (such
as is produced by the
scripts). Other binary
formats are acceptable only if accompanied by a program that can read
the format (this program should work on both little- and big-
endian machines, and on machines with different word sizes).
Measurement details. Dates and times spanned by the trace; number of
packets / connections / whatever; the measurement
point (e.g., "DMZ network"; "HTTP server"); capture tool and
hardware; loss/outage information; timestamp resolution;
geographic location; time zone. Any known measurement artifacts.
Security and privacy concerns. In general, traces should be
modified as necessary to preserve the privacy and security of network users.
For example, for packet traces this usually involves stripping
out any keystrokes and perhaps all of the user data. It may also
include renumbering hosts or stripping IP addresses to the network
level, or mapping HTTP requests to unique, opaque identifies.
Archive contributors may find the archive's
sanitize scripts useful for
reducing tcpdump traces for these purposes.
Who captured the trace, how the trace should be acknowledged in
publications, who to contact with questions regarding the trace.
Publications available that have already studied this trace, if any.
Available related software and traces, if any.
Whether the trace may be redistributed without permission, who to contact
All traces in the archive are unrestricted as to what use
may be made of them (for example, there is no requirement that simulations
made using the traces be published in the open literature).
How To Contribute.