ANT software

The ANT project provides software for Packet Trace Analysis and Anonymization, IPv4 Census and Survey Analysis and Visualization, DNS Analysis and Privacy, DNS Experimentation, Security, Tools, and External.

Packet Trace Analysis and Anonymization

  • ANT spectrum A Spectrum Analysis tool package, including sample input/output files. This package requires the fftw library.
  • cryptopANT CryptopANT is a C library for IP address anonymization using crypto-PAn algorithm, originally defined by Georgia Tech. The library supports anonymization and de-anonymization (provided you possess a secret key) of IPv4, IPv6, and MAC addresses. The software release includes sample utilities that anonymize IP addresses in text, but we expect most use of the library will be as part of other programs. The Crypto-PAn anonymization scheme was developed by Xu, Fan, Ammar, and Moon at Georgia Tech and described in "Prefix-Preserving IP Address Anonymization", Computer Networks, Volume 46, Issue 2, 7 October 2004, Pages 253-272, Elsevier. Our library is independent (and not binary compatible) of theirs.
  • dag scrubber Dag Scrubber is our tool for scrubbing packets of user data and optionally doing IP address anonymization. It supports both pcap and ERF format ("dag", giving the legacy name).
  • dag trace generator The DAG Trace generator is a collection of tools for parsing a DAG formatted packet header trace. (Please see the enclosed README for instructions.)
  • LANDER Trace Software LANDER Trace Capture software handles for packet capture, scrubbing, and triggering user-provided scripts
  • stream_merger Stream merger is a tool to merge multiple traffic streams by feeding them through a FIFO/Drop tail queue and adjusting packet timing due to queueing. Its input is several packet trace files. The output is a single merged packet trace.
  • mtracecap A utility for capturing packets concurrently on several network devices and saving output in a single file while making an effort to minimize packet reordering in the output. This tool allows breaking output into multiple files based on size and time and compressing it on the fly by piping to a separate compression process.

IPv4 Census and Survey Analysis and Visualization

  • icmptrain Rapid probing of IPv4.
  • icmptrain-hadoop-reader A plugin for Hadoop that parses icmptrain output from our ipv4 censuses and surveys.
  • IP Hitlist Generation We have developed a set of map/reduce processing scripts that run in Hadoop to consume our Internet address censuses and output hitlists. (This scripts depend on our internal Hadoop configuration and so will require some modification to work elsewhere, but we make them available and encourage feedback about their use.)
  • lonlat2color For geolocation of IP address maps we needed to convert (lon, lat) to color in HSL and RGB color schemes. We provide Perl and Python implementations.
  • print_datafile A command-line tool that prints icmptrain output from our ipv4 censuses and surveys.

DNS Analysis and Privacy

  • ant_rdns_crawler The ANT RDNS crawler discovers reverse DNS names for the entire IPv4 space, quickly, politely, and correctly.
  • digit Digit is a client query tool for T-DNS (DNS with TCP and TLS), designed to measure performance.
  • dnsanon extract DNS traffic from pcap to text with optionally anonymization
  • dnsanon_rssac Dnsanon_rssac is an implementation of RSSAC-002v2 processing for DNS statistics
  • tdns-client-proxy Tdns-client-proxy is a client-side proxy for DNS, designed to run on a computer taking UDP in and sending it privately with T-DNS to a remote recursive resolver
  • tdns-server-proxy Tdns-server-proxy is a server-side proxy for DNS. It listens to incoming private T-DNS (with TCP and TLS) and turns it back into UDP queries to a local DNS resolver
  • T-DNS support for unbound patch Unbound patches add STARTTLS handling to incoming unbound queries (but not outgoing T-DNS)
  • verfploeter/packetcapr A packet capturer and forwarder for active measurement of anycast catchements.
  • verfploeter/pinger A pinger for active measurement of anycast catchements.
  • verfploeter/pingextract A ping analyzer for active measurement of anycast catchements.

DNS Experimentation


  • AuntieTuna Chrome browser extension to detect phishing websites


  • antlink Manage a tree of git or other VC repositories with funky symlinks
  • babarchive Manage babarchives, checksumed directory trees that can be validated
  • content-reuse-detection source code for content reuse detection paper
  • timefind and indexer Software to handle indexing and selection of multiple network data types based on a given time range.


  • libtrace libtrace is a library for packet trace processing
  • rejwreply rejwreply is a linux kernel patch set that adds echo-reply as a new feedback type in iptable REJECT rule.