ANT software

The ANT project provides software for Packet Trace Analysis and Anonymization, IPv4 Census and Survey Analysis and Visualization, DNS Analysis and Privacy, DNS Experimentation, Security, Tools, and External.

Packet Trace Analysis and Anonymization

  • ANT spectrum A Spectrum Analysis tool package, including sample input/output files. This package requires the fftw library.
  • cryptopANT C/C++ Library/tool for IP address anonymization
  • dag scrubber Tool for scrubbing packet traces
  • dag trace generator The DAG Trace generator is a collection of tools for parsing a DAG formatted packet header trace. (Please see the enclosed README for instructions.)
  • ddos_filters/response_filter The DAG Trace generator is a collection of tools for parsing a DAG formatted packet header trace. (Please see the enclosed README for instructions.)
  • LANDER Trace Software LANDER Trace Capture software handles for packet capture, scrubbing, and triggering user-provided scripts
  • stream_merger traffic stream merger
  • mtracecap packet capture tool

IPv4 Census and Survey Analysis and Visualization

DNS Analysis and Privacy

  • ant_rdns_crawler The ANT RDNS crawler discovers reverse DNS names for the entire IPv4 space, quickly, politely, and correctly.
  • digit Digit is a client query tool for T-DNS (DNS with TCP and TLS), designed to measure performance.
  • dnsanon extract DNS traffic from pcap to text with optionally anonymization
  • dnsanon_rssac Dnsanon_rssac is an implementation of RSSAC-002v2 processing for DNS statistics
  • dnsroot-xtables The dnsroot filter for xtables filters for valid top level domains (TLDs).
  • knot_dnsrtt Knot DNSRTT extends Knot to solicit TCP DNS queries for each subnet.
  • tdns-client-proxy Tdns-client-proxy is a client-side proxy for DNS, designed to run on a computer taking UDP in and sending it privately with T-DNS to a remote recursive resolver
  • tdns-server-proxy Tdns-server-proxy is a server-side proxy for DNS. It listens to incoming private T-DNS (with TCP and TLS) and turns it back into UDP queries to a local DNS resolver
  • T-DNS support for unbound patch Unbound patches add STARTTLS handling to incoming unbound queries (but not outgoing T-DNS)
  • verfploeter/packetcapr A pinger for active measurement of anycast catchements.
  • verfploeter/pingextract A ping analyzer for active measurement of anycast catchements.
  • verfploeter/plotter Plot a wordmap showing catchments from verfploeter pcaps or text files.

DNS Experimentation


  • AuntieTuna Chrome browser extension to detect phishing websites
  • IoTSTEED Bot-side defense to IoT-based DDoS attacks from edge router
  • chhoyhopper Moving target defense for ssh with IPv6.


  • antlink Manage a tree of git or other VC repositories with funky symlinks
  • babarchive Manage babarchives, checksummed directory trees that can be validated
  • content-reuse-detection source code for content reuse detection paper
  • rejwreply rejwreply is a linux kernel patch set that adds echo-reply as a new feedback type in iptable REJECT rule.
  • outage_adaptive_geolocation Scripts we run to geolocate our outage_adaptive datasets
  • timefind and indexer Software to handle indexing and selection of multiple network data types based on a given time range.
  • USCthesis a LaTeX style package for writing theses at USC.


  • libtrace libtrace is a library for packet trace processing