The TracesPlay program enables you to read different formats of network measurements (traces) such as PCAP or ERF (from DAG Cards) among others. The program has been written without using pcap or other libraries that faciliate the transfer between various platforms. Moreover, it has been implemented as a C++ library , a command line application and a Matlab library . If you are interested in specific use case simply click on the case and you will be taken to a description page.

What TracesPlay Does


Using traffic traces is more and more common. Since there are lots of different ways to measure
traffic, many different traffic trace formats are used. Some of them are almost standard
like PCAP (TCP dump) and others are only used by a single lab. TracesPlay is written to facilitate
the easy reading of different trace formats. It currently supports and recognizes the folowing formats:
• PCAP (e.g. tcpdump)
• ERF (e.g. from DAG cards)
• tsh
• fr, fr+
So you can use the same command to access different types of traces.

Our goal was to create a platform independent application, therefore TracesPlay does NOT use any additional libraries and can be easily compiled on different operating systems. If you read a file by TracesPlay the only thing you have to know is the specific field names which you can find in the manual section .

Note that if a trace contains unsupported fields they are skipped. Therefore, some packets can be skipped. All supported filelds are read properly so you can be sure that they are not skipped.

If you wish to get more information about our project or join it go here.