Packet Trace Data Files

About the packet trace files

Trace 1 - trace of all IP protocol suite packets (headers only)
Trace 2 - FTP session (dir, get, put)
Trace 3 - FTP session (mput)
Trace 4 - FTP session (mget)
Trace 5 - TELNET session (headers only)
Trace 6 - SMTP session
Trace 7 - WWW session
Trace 8 - X Window System session

About the packet trace data files

The packet trace data files contain packet traces from an Ethernet segment at Bucknell University. The original traces were generated with the Solaris snoop utility. Some traces were post-processed to remove private data such as passwords from the packets.

Each data file is composed of a fixed header followed by a series of variable-length records. The data for each packet is stored in a separate record. Each record contains a header describing the packet and a timestamp, as well as the contents of one packet. The packets are Ethernet frames, including the source and destination addresses, the protocol type and the frame data.

The data file header consists of 4 32-bit integers, which can be ignored. The fixed header in each record has the format (where an int32 is a 32-bit integer):

struct rechdr {
    int32 framelen;         /* length of the frame, as received      */
    int32 tracelen;         /* length of the frame, as saved in file */
    int32 recrdlen;         /* length of entire record, with header  */
    int32 pad;              /* ignore */
    struct timeval {        /* timestamp when packet was received    */
        int32 tv_sec;           /* seconds since 1/1/70              */
        int32 tv_usec;          /* ... and microseconds              */
    } timestamp;
};

The packet data then follows immediately after this record header. The following code fragment gives an outline of a program to read and process one of the data files:

lseek(ifile, 16, SEEK_SET); /* skip file header                      */
                            /* read next record header; quit at EOF  */
while ((i = read(ifile, &hdrbuf, sizeof(struct rechdr))) > 0) {
                            /* stop on a truncated header or a       */
                            /* ... record length that cannot fit in  */
                            /* ... pktbuf (assumed to be an array)   */
    if (i != sizeof(struct rechdr) ||
        hdrbuf.recrdlen < sizeof(struct rechdr) ||
        hdrbuf.recrdlen - sizeof(struct rechdr) > sizeof(pktbuf))
        break;
                            /* read next packet; size of packet is   */
                            /* ... length of record - header         */
    read (ifile, pktbuf, hdrbuf.recrdlen - sizeof (struct rechdr));
    /*
     * process packet here
     */
    }

Note: The code fragment given above was extracted from a program written for Solaris 2.4; you'll need to adapt the code for your local computer.

As mentioned above, some files have had the data removed from the packet records. In the list below, files without data are annotated (headers only). The packet headers can be analyzed and printed, and can be used, for example, to trace the packets exchanged during a TCP connection or to develop histogram plots based on protocol types. The record header contains the length of the original packet along with the time the packet was received, allowing the computation of network segment load statistics.
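As an added example (not code from the original page or its author), the following C program walks the records of a trace image held in memory, checks every length field against the bytes actually present before using it, and sums framelen, the figure needed for load statistics. It assumes the 32-bit fields are stored big-endian, as in the snoop format (RFC 1761); the names walk_trace and be32 and the SAMPLE bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define FILE_HDR_LEN 16u    /* 4 x int32 file header, ignored         */
#define REC_HDR_LEN  24u    /* size of struct rechdr as stored        */
/* Assumption: fields are big-endian, as in the snoop format (RFC 1761). */
static uint32_t be32(const unsigned char *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Walk all records in a trace image. Returns the record count, or -1 if
 * any length field is inconsistent with the bytes actually present.
 * *wire_bytes receives the sum of framelen over all records.           */
long walk_trace(const unsigned char *buf, size_t len, uint64_t *wire_bytes) {
    size_t off = FILE_HDR_LEN;
    long n = 0;
    *wire_bytes = 0;
    if (len < FILE_HDR_LEN) return -1;
    while (off < len) {
        if (len - off < REC_HDR_LEN) return -1;       /* truncated header */
        uint32_t framelen = be32(buf + off);
        uint32_t tracelen = be32(buf + off + 4);
        uint32_t recrdlen = be32(buf + off + 8);
        /* recrdlen sizes the next read and the step to the next record */
        if (recrdlen < REC_HDR_LEN || recrdlen > len - off) return -1;
        if (tracelen > recrdlen - REC_HDR_LEN || tracelen > framelen) return -1;
        *wire_bytes += framelen;   /* saved bytes start at off + REC_HDR_LEN */
        off += recrdlen;
        n++;
    }
    return n;
}

/* Constructed sample: zeroed file header, then two records. */
static const unsigned char SAMPLE[] = {
    0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0,
    0,0,0,64, 0,0,0,4, 0,0,0,28, 0,0,0,0, 0x30,0,0,0, 0,0,0,1,
    0xde,0xad,0xbe,0xef,              /* 4 saved bytes                 */
    0,0,5,0xea, 0,0,0,2, 0,0,0,28, 0,0,0,0, 0x30,0,0,1, 0,0,0,2,
    0xca,0xfe, 0,0                    /* 2 saved bytes + 2 padding     */
};

int main(void) {
    uint64_t wire;
    long n = walk_trace(SAMPLE, sizeof SAMPLE, &wire);
    printf("%ld records, %llu bytes on the wire\n", n, (unsigned long long)wire);
    return n < 0;
}
```

Rejecting a recrdlen smaller than the record header also keeps a corrupted file from stalling the loop on a zero-length record.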

The data files are stored in a single directory on the CD. The pathname for this directory is:

Computer system             URL
Macintosh                   NETBOOK:pkttrces
Windows 95 or Windows 3.1   D:/pkttrces
                            E:/pkttrces
UNIX                        /cdrom/netbook/pkttrces


Each of the data files listed below has an associated cover page. The cover page for each file has a short description of the contents of the file and the name of the file containing the trace data.
