The ANT project provides software for
Packet Trace Analysis and Anonymization,
IPv4 Census and Survey Analysis and Visualization,
DNS Analysis and Privacy,
Packet Trace Analysis and Anonymization
A Spectrum Analysis tool package, including sample input/output files. This package requires the fftw library.
CryptopANT is a C library for IP address anonymization using the Crypto-PAn algorithm, originally defined by Georgia Tech. The library supports anonymization and de-anonymization (provided you possess a secret key) of IPv4, IPv6, and MAC addresses. The software release includes sample utilities that anonymize IP addresses in text, but we expect most use of the library will be as part of other programs. The Crypto-PAn anonymization scheme was developed by Xu, Fan, Ammar, and Moon at Georgia Tech and described in "Prefix-Preserving IP Address Anonymization", Computer Networks, Volume 46, Issue 2, 7 October 2004, Pages 253-272, Elsevier. Our library is independent of (and not binary compatible with) theirs.
Dag Scrubber is our tool for scrubbing packets of user data and optionally doing IP address anonymization. It supports both pcap and ERF format ("dag", giving the legacy name).
dag trace generator
The DAG Trace generator is a collection of tools for parsing a DAG formatted packet header trace. (Please see the enclosed README for instructions.)
LANDER Trace Software
LANDER Trace Capture software handles packet capture, scrubbing, and triggering of user-provided scripts.
Stream merger is a tool to merge multiple traffic streams by feeding them through a FIFO/Drop tail queue and adjusting packet timing due to queueing. Its input is several packet trace files. The output is a single merged packet trace.
A utility for capturing packets concurrently on several network devices and saving output in a single file while making an effort to minimize packet reordering in the output. This tool allows breaking output into multiple files based on size and time and compressing it on the fly by piping to a separate compression process.
IPv4 Census and Survey Analysis and Visualization
Rapid probing of IPv4.
A plugin for Hadoop that parses icmptrain output from our IPv4 censuses and surveys.
IP Hitlist Generation
We have developed a set of map/reduce processing scripts that run in Hadoop to consume our Internet address censuses and output hitlists. (These scripts depend on our internal Hadoop configuration and so will require some modification to work elsewhere, but we make them available and encourage feedback about their use.)
For geolocation of IP address maps we needed to convert (lon, lat) to color in HSL and RGB color schemes. We provide Perl and Python implementations.
A command-line tool that prints icmptrain output from our IPv4 censuses and surveys.
DNS Analysis and Privacy
The ANT RDNS crawler discovers reverse DNS names for the entire IPv4 space, quickly, politely, and correctly.
Digit is a client query tool for T-DNS (DNS with TCP and TLS), designed to measure performance.
Extract DNS traffic from pcap to text, with optional anonymization.
Dnsanon_rssac is an implementation of RSSAC-002v2 processing for DNS statistics
Tdns-client-proxy is a client-side proxy for DNS, designed to run on a computer taking UDP in and sending it privately with T-DNS to a remote recursive resolver
Tdns-server-proxy is a server-side proxy for DNS. It listens to incoming private T-DNS (with TCP and TLS) and turns it back into UDP queries to a local DNS resolver
T-DNS support for unbound patch
Unbound patches add STARTTLS handling to incoming unbound queries (but not outgoing T-DNS)
A packet capturer and forwarder for active measurement of anycast catchments.
A pinger for active measurement of anycast catchments.
A ping analyzer for active measurement of anycast catchments.
Chrome browser extension to detect phishing websites
Manage a tree of git or other VC repositories with funky symlinks
Manage babarchives, checksummed directory trees that can be validated
source code for content reuse detection paper
timefind and indexer
Software to handle indexing and selection of multiple network data types based on a given time range.
libtrace is a library for packet trace processing
rejwreply is a Linux kernel patch set that adds echo-reply as a new feedback type in the iptables REJECT rule.