LANDER:DITL B Root message question-20170411 From Predict README version: 8798, last modified: 2018-05-8. This file describes the trace dataset "DITL_B_Root_message_question-20170411" provided by the LANDER project. Contents • 1 LANDER Metadata • 2 Dataset Contents • 3 File Format • 4 B-Root Address • 5 Citation • 6 Results Using This Dataset • 7 User Annotations LANDER Metadata ┌───────────────────────────┬────────────────────────────────────────────────────────────────────────────────────┐ │ dataSetName │ DITL_B_Root_message_question-20170411 │ ├───────────────────────────┼────────────────────────────────────────────────────────────────────────────────────┤ │ status │ usc-web-and-predict │ ├───────────────────────────┼────────────────────────────────────────────────────────────────────────────────────┤ │ shortDesc │ B root traffic for DITL 2017 │ ├───────────────────────────┼────────────────────────────────────────────────────────────────────────────────────┤ │ longDesc │ This is a collection of DNS requests host-only anonymized IP collected at B root. │ │ │ DNS payload is parsed and saved in a text form. For a datasets containing raw PCAP │ │ │ data, please see a companion dataset LANDER:DITL_B_Root-20170411. The data was │ │ │ collected as part of Day in the Life of the Internet effort (DITL). │ ├───────────────────────────┼────────────────────────────────────────────────────────────────────────────────────┤ │ datasetClass │ Quasi-Restricted │ ├───────────────────────────┼────────────────────────────────────────────────────────────────────────────────────┤ │ commercialAllowed │ false │ ├───────────────────────────┼────────────────────────────────────────────────────────────────────────────────────┤ │ requestReviewRequired │ true │ ├───────────────────────────┼────────────────────────────────────────────────────────────────────────────────────┤ │ productReviewRequired │ false │ ├───────────────────────────┼────────────────────────────────────────────────────────────────────────────────────┤ │ ongoingMeasurement │ false │ ├───────────────────────────┼────────────────────────────────────────────────────────────────────────────────────┤ │ submissionMethod │ Upload │ ├───────────────────────────┼────────────────────────────────────────────────────────────────────────────────────┤ │ collectionStartDate │ 2017-04-11 │ ├───────────────────────────┼────────────────────────────────────────────────────────────────────────────────────┤ │ collectionStartTime │ 11:00:00 │ ├───────────────────────────┼────────────────────────────────────────────────────────────────────────────────────┤ │ collectionEndDate │ 2017-04-13 │ ├───────────────────────────┼────────────────────────────────────────────────────────────────────────────────────┤ │ collectionEndTime │ 12:00:00 │ ├───────────────────────────┼────────────────────────────────────────────────────────────────────────────────────┤ │ availabilityStartDate │ 2018-05-21 │ ├───────────────────────────┼────────────────────────────────────────────────────────────────────────────────────┤ │ availabilityStartTime │ 00:00:00 │ ├───────────────────────────┼────────────────────────────────────────────────────────────────────────────────────┤ │ availabilityEndDate │ 2030-01-01 │ ├───────────────────────────┼────────────────────────────────────────────────────────────────────────────────────┤ │ availabilityEndTime │ 00:00:00 │ ├───────────────────────────┼────────────────────────────────────────────────────────────────────────────────────┤ │ anonymization │ cryptopan/host │ ├───────────────────────────┼────────────────────────────────────────────────────────────────────────────────────┤ │ archivingAllowed │ false │ ├───────────────────────────┼────────────────────────────────────────────────────────────────────────────────────┤ │ keywords │ category:dns-data, subcategory:anonymized-dns-data, DITL │ ├───────────────────────────┼────────────────────────────────────────────────────────────────────────────────────┤ │ format │ pcap │ ├───────────────────────────┼────────────────────────────────────────────────────────────────────────────────────┤ │ access │ https │ ├───────────────────────────┼────────────────────────────────────────────────────────────────────────────────────┤ │ hostName │ USC-LANDER │ ├───────────────────────────┼────────────────────────────────────────────────────────────────────────────────────┤ │ providerName │ USC │ ├───────────────────────────┼────────────────────────────────────────────────────────────────────────────────────┤ │ groupingId │ │ ├───────────────────────────┼────────────────────────────────────────────────────────────────────────────────────┤ │ groupingSummaryFlag │ false │ ├───────────────────────────┼────────────────────────────────────────────────────────────────────────────────────┤ │ retrievalInstructions │ download │ ├───────────────────────────┼────────────────────────────────────────────────────────────────────────────────────┤ │ byteSize │ 213716566016 │ ├───────────────────────────┼────────────────────────────────────────────────────────────────────────────────────┤ │ expirationDays │ 14 │ ├───────────────────────────┼────────────────────────────────────────────────────────────────────────────────────┤ │ uncompressedSize │ 1701532853847 │ ├───────────────────────────┼────────────────────────────────────────────────────────────────────────────────────┤ │ impactDoi │ │ ├───────────────────────────┼────────────────────────────────────────────────────────────────────────────────────┤ │ useAgreement │ dua-ni-160816 │ ├───────────────────────────┼────────────────────────────────────────────────────────────────────────────────────┤ │ irbRequired │ false │ ├───────────────────────────┼────────────────────────────────────────────────────────────────────────────────────┤ │ privateAccessInstructions │ See http://www.isi.edu/ant/traces/index.html#getting_datasets for information on │ │ │ obtaining this dataset. │ │ │ See │ └───────────────────────────┴────────────────────────────────────────────────────────────────────────────────────┘ Dataset Contents This data was captured at the B-Root DNS server. It should represent all traffic to B-Root over this time period.     DITL_B_Root_message_question-20170411.README.txt     copy of this README     lander_br_message_question/          YYYYMMDD-HHMMSS-NNNNNNNN.{lax,mia}.message_question.fsdb.xz     data files          ...     .sha1sum     SHA-1 checksum Data files are named by the timestamp of the first packet in the trace (all times are in UTC): YYYYMMDD-HHMMSS-NNNNNNNN.SITE.message_question.fsdb.xz (or .bz2) where SITE: lax means the file was captured at LAX b-root anycast site mia means the file was captured at MIA b-root anycast site (if SITE is unspecified, the data was captured at LAX) YYYY is year (2017) MM is month (04) DD is day of the month HH is hour (00-23) MM is minutes (00-59) SS is seconds (00-59) NNNNNNNN is a sequence number All data files are text (FSDB) format, compressed with XZ (earlier datasets may have BZIP compression). IP addresses are host-only anonymized, so the top 24 bits are unchanged and the bottom 24 bits are prefix-preserving anonymized using Cryptopan. The file ".sha1sum" contains SHA1 checksums of individual compressed files. The integrity of the distribution thus can be checked by independently calculating SHA1 sums of files and comparing them with those listed in the file. If you have the sha1sum utility installed on your system, you can do that by executing: sha1sum --check .sha1sum This has to be done before files are uncompressed. File Format Data files are the output of dnsanon utility. All data files are compressed text (FSDB). Columns are tab-separated and are as follows: Header Description msgid Incrementing integer counter within the FSDB file time timestamp of query srcip Source IP address srcport Source port dstip Destination IP address dstport Destination port protocol Protocol used (udp or tcp) id The ID field from the DNS packet qr boolean indicating the message was a Query (0) or response (1) opcode The DNS operation code value aa The Authoritative Answer flag tc The Truncated flag rd The Recursion Desired flag ra The Recursion Available flag z The (should be unused) z flag ad The Authenticated bit (DNSSEC validating resolvers set this) cd The Cache Disabled flag rcode The response code qdcount The number of records in the query section (should always be 1) ancount The number of records in the answer section nscount The number of records in the authoratative section arcount The number of records in the additional section edns_present Boolean: 1 if the EDNS0 record was present in the additional section edns_udp_size The max msg size accepted field from the EDNS0 record edns_extended_rcode The extended rcode field from the EDNS0 record edns_version The EDNS0 version number from the EDNS0 record edns_z The Z flag from the EDNS0 record msglen The length of the packet name The QName from the query section of the packet type DNS query type (e.g. A, AAAA, PTR, NS, etc) class DNS query class (e.g. IN, CH, ANY) B-Root Address Since all IPv4 addresses have lowest 8 bit anonymized, the IP address of B-Root is likely to be different from the actual B-Root address (192.228.79.201---now it is 199.9.14.201). For this dataset the B-Root address was anonymized to: 192.228.79.193. All IPv6 addresses have lowest 63 bits anonymized. The actual ipv6 address of B-Root 2001:500:84::b has not been anonymized. Citation If you use this trace to conduct additional research, please cite it as: Day In the Life of The Internet (DITL) April, 2015 dataset, IMPACT ID: USC-LANDER/DITL_B_Root_message_question-20170411/rev8798 . Provided by USC/B-Root Operations with USC/LANDER project http://www.isi.edu/ant/lander. Results Using This Dataset None yet. User Annotations Currently no annotations. Categories: • LANDER • LANDER:Datasets • Datasets