The UCSD Network Telescope consists of a globally routed, but lightly utilized /8 network prefix, that is, 1/256th of the whole IPv4 address space. It contains few legitimate hosts; inbound traffic to non-existent machines - so called Internet Background Radiation (IBR) - is unsolicited and results from a wide range of events, including misconfiguration (e.g. mistyping an IP address), scanning of address space by attackers or malware looking for vulnerable targets, backscatter from randomly spoofed denial-of-service attacks, and the automated spread of malware. CAIDA continously captures this anomalous traffic discarding the legitimate traffic packets destined to the few reachable IP addresses in this prefix. We archive and aggregate these data, and provide this valuable resource to network security researchers.
The CAIDA Industry Evaluation Near-Real-Time Network Telescope Dataset
CAIDA continously captures traffic from the UCSD Network Telescope. A moving time window, approximately covering the most recent two months of data, are stored on spinning disk, and are available for analysis to interested researchers as the CAIDA Near-Real-Time Network Telescope Dataset.
CAIDA makes the near-real-time traces freely available to academic researchers and US government agencies. Corporate entities (including corporate researchers) receive access through CAIDA's membership program. Information on membership levels, services, and rates is found on the CAIDA Sponsorship Information page, or can be requested by emailing firstname.lastname@example.org.
This industry evaluation dataset is provided to corporate researchers to allow them to assess the usefulness of the CAIDA near-real-time data from the UCSD Network Telescope for their research, and justify CAIDA membership for their organization.
The dataset contains a one-day sample of traffic from the UCSD Network Telescope. The dataset contains data that are between one and two years old at the time the request for data is approved. Access will be given for the duration of one year.
The dataset contains 24 compressed pcap files, each containing one hour of data. Also included are 24 compressed Corsaro flow files, containing flow information in the flowtuple format provided by the Corsaro Software Suite. The total size of the dataset is approximately 140 GB.
The pcap traces can be read with any software that reads the pcap (tcpdump) format, including the CoralReef Software Suite, tcpdump, Wireshark, and many others. To access the flowtuple files use the Corsaro Software Suite.
This evaluation dataset is not intended to be used for actual research.
Referencing this Dataset
When referencing this data (as required by the AUA), please use:The CAIDA UCSD Industry Evaluation Near-Real-Time Network Telescope DatasetAlso, please, report your publication to CAIDA.
UCSD Network Telescope Datasets
- Historical and Near-Real-Time Network Telescope Dataset
- Aggregated Traffic Data in FlowTuple format
- Daily RSDoS Attack Metadata
- Two Years of Daily RSDoS Attack Metadata (downloadable paper supplement)
- Three Days Of Conficker Dataset
- CAIDA UCSD Network Telescope Traffic Samples
- Witty Worm Dataset
- Code-Red Worms Dataset
- Patch Tuesday Dataset
- Two Days in November 2008 Dataset
- Telescope Educational Dataset
- Telescope Dataset on the Sipscan
- Telescope Darknet Scanners Dataset
For more information on the UCSD Network Telescope, see:
For more information on the CoralReef Software Suite, see:
For more information on the Corsaro Software Suite, see:
For a non-exhaustive list of Non-CAIDA publications using Network Telescope data, see: