ANT software

The ANT project provides software for Packet Trace Analysis and Anonymization, IPv4 Census and Survey Analysis and Visualization, DNS Analysis and Privacy, DNS Experimentation, Security, Tools, and External.

Packet Trace Analysis and Anonymization

  • ANT spectrum A Spectrum Analysis tool package, including sample input/output files. This package requires the fftw library.
  • cryptopANT C/C++ Library/tool for IP address anonymization
  • dag scrubber Tool for scrubbing packet traces
  • dag trace generator The DAG Trace generator is a collection of tools for parsing a DAG formatted packet header trace. (Please see the enclosed README for instructions.)
  • LANDER Trace Software LANDER Trace Capture software handles packet capture, scrubbing, and triggering user-provided scripts
  • mtracecap packet capture tool
  • stream_merger traffic stream merger

IPv4 Census and Survey Analysis and Visualization

DNS Analysis and Privacy

  • ant_rdns_crawler The ANT RDNS crawler discovers reverse DNS names for the entire IPv4 space, quickly, politely, and correctly.
  • digit Digit is a client query tool for T-DNS (DNS with TCP and TLS), designed to measure performance.
  • ditl DITL Anonymization at B-Root
  • dnsanon extract DNS traffic from pcap to text with optional anonymization
  • dnsanon_rssac Dnsanon_rssac is an implementation of RSSAC-002v2 processing for DNS statistics
  • dnsroot-xtables The dnsroot filter for xtables filters for valid top level domains (TLDs).
  • knot_dnsrtt Knot DNSRTT extends Knot to solicit TCP DNS queries for each subnet.
  • tdns-client-proxy Tdns-client-proxy is a client-side proxy for DNS, designed to run on a computer taking UDP in and sending it privately with T-DNS to a remote recursive resolver
  • tdns-server-proxy Tdns-server-proxy is a server-side proxy for DNS. It listens to incoming private T-DNS (with TCP and TLS) and turns it back into UDP queries to a local DNS resolver
  • T-DNS support for unbound patch Unbound patches add STARTTLS handling to incoming unbound queries (but not outgoing T-DNS)
  • verfploeter/packetcapr A pinger for active measurement of anycast catchments.
  • verfploeter/pingextract A ping analyzer for active measurement of anycast catchments.
  • verfploeter/plotter Plot a world map showing catchments from verfploeter pcaps or text files.

DNS Experimentation


Security

  • AuntieTuna Chrome browser extension to detect phishing websites
  • chhoyhopper Moving target defense for ssh with IPv6.
  • ddidd This repository contains DDiDD software, which decides what filter to activate and deactivate depending on the perceived load on the server. (Please see the enclosed README for instructions.)
  • IoTSTEED Bot-side defense to IoT-based DDoS attacks from edge router


Tools

  • antlink Manage a tree of git or other VC repositories with funky symlinks
  • anygility/anygility-peering Tools to build a playbook in peering testbed, parse captured anycast catchment data, and attack traffic
  • anygility/anygility-system Tools for offered load estimation and policy selection using a BGP playbook
  • anygility/anygility-tangled Tools for anycast experiments in Tangled testbed
  • babarchive Manage babarchives, checksummed directory trees that can be validated
  • content-reuse-detection source code for content reuse detection paper
  • outage_adaptive_geolocation Scripts we run to geolocate our outage_adaptive datasets
  • Plumb Plumb is a large-block stream processing system for efficient multi-user pipelines.
  • rejwreply rejwreply is a Linux kernel patch set that adds echo-reply as a new feedback type in the iptables REJECT rule.
  • timefind and indexer Software to handle indexing and selection of multiple network data types based on a given time range.
  • USCthesis a LaTeX style package for writing theses at USC.


External

  • libtrace libtrace is a library for packet trace processing