analysis s/w: interarrival times packet run lengths interarrival time distributions protocol-relevant TCP: retransmissions/dup acks packet size distributions security related DOS attack traces on-card kernel packet filtering, a la bpf