Traffic-Taffy is a set of tools that perform differential network traffic anomaly analysis.
It was created by Wes Hardaker, a computer scientist at USC/ISI, with support from the Comcast
Innovation Fund.
Presentations about traffic-taffy:
- Background at an ICANN security workshop: Video and slides
- Very short overview at IETF-120 in MAPRG: Video and slides
- More detailed usage at DNS-OARC 42: Video and slides
Major ChangeLog events
- 0.8.5:
  - Added support for reporting a number of IANA numeric->name translations.
- 0.8:
  - Note that the -x switch to limit the list of results has been moved to -R.
  - Added ip2asn and psl (public suffix list) extra processing modules that can be enabled with a new -x switch.
  - Added a --merge command line option to merge all dissected traffic traces into a single time-stream. For taffy-compare, this forces comparison by time bins across all supplied data.
  - All labeling switched to underbar separators rather than period separators to support future expression handling.
- 0.7:
  - Support for comparing multiple files via time ranges rather than comparing file vs file. Use --merge to enable this.
- 0.6: support added for analyzing dnstap files