Traffic-Taffy

About

Traffic-Taffy tools perform differential network traffic anomaly analysis.

It was created by Wes Hardaker, a computer scientist at USC/ISI, with support from the Comcast Innovation Fund.

Further information:

• The github source repository
• Usage documentation
  • A worked usage case study
  • Getting started information
• The pypi page

Presentations about traffic-taffy:

• Background at an ICANN security workshop: Video and slides
• Very short overview at IETF-120 in MAPRG: Video and slides
• More detailed usage at DNS-OARC 42: Video and slides

Major ChangeLog events

• 0.8.5:
  • Added support for reporting a number of IANA numeric->name translations
• 0.8:
  • Note that the -x switch to limit the list of results has been moved to -R.
  • Added ip2asn and psl (public suffix list) extra processing modules that can be enabled with a new -x switch.
  • Added a –merge command line option to merge all dissected traffic traces into a single time-stream. For taffy-compare, this forces comparison by time bins across all supplied data.
  • All labeling switched to underbar separators rather that period separators to support future expression handling.
• 0.7:
  • Support for comparing multiple files via time ranges rather than comparing file vs file. Use –merge to enable this.
• 0.6: support added for analyzing dnstap files