CAIDA UCSD Network Telescope Aggregated Flow Dataset (2008-10-01)

Raw data captured by the UCSD Network Telescope are stored in huge pcap files. In order to enable more efficient data storage, processing, and analysis, these hourly pcap files are post-processed using Corsaro software to extract the most important packet header fields and aggregate data into FlowTuple files. The FlowTuple format includes eight fields: source IP address; destination IP address; source port; destination port; protocol; TCP Flags; TTL and IP length. In the hourly FlowTuple output files, the data are broken into 60-second intervals. Within a given interval, each unique key (a unique combination of the FlowTuple fields) observed in the raw pcap data is reported on a separate line in the FlowTuple format followed by the number of packets in this interval whose header fields match this FlowTuple key. Flows are further subdivided into three FlowTuple classes: backscatter, ICMP Request and "other", and the total number of flows in each class is recorded. These data provide opportunities to study network security-related events (DDoS attacks, worms, etc.) For more information see http://www.caida.org/data/passive/telescope-flowtuple.xml