Captured network traces
=======================

The following are lists of proxy traffic traces and unobfuscated (regular) traffic traces captured for testing and evaluation of CovertMark during the project. All traffic was captured under realistic internet browsing conditions on the modern web, with the browsing carried out by real humans. This marks the greatest distinction between the CovertMark datasets and datasets used in prior protocol-obfuscation-detection research.

Sources and destinations of packets have been scrambled with Crypto-PAn, primarily to protect the exact addresses of Tor PT bridges in proxy traces. Regular traffic captured as controls and negative training data was produced by human volunteers under experimental conditions, with detailed instructions to protect their privacy. All unencrypted and non-TCP traffic has also been stripped out. However, in contrast with CAIDA traces, all encrypted payloads have been preserved, along with some cleartext metadata such as TLS SNI hostnames. This allows CovertMark to examine encrypted network traffic from the exact perspective of state censors performing advanced DPI detection of proxy servers.

Click on the file names below to download associated traces.

Proxy Traces
------------

All proxy traces are unaffected by TCP segmentation offload (TSO), with longer-than-MTU payloads fully segmented.

+-------------------+---------+----------------+----------------+---------------+
| File Name         | Packets | IP(s) of Proxy | IP(s) of Proxy | Port(s) of    |
|                   |         | Clients        | Servers        | Proxy Servers |
+===================+=========+================+================+===============+
| shadowsocks1_anon | 674\    | 130.0.170.1\   | 12.173.72.5\   | 443, 995      |
|                   |         | 130.0.174.2\   | 56.136.248.\   |               |
|                   |         | 53             | 69             |               |
+-------------------+---------+----------------+----------------+---------------+
| shadowsocks2_anon | 286\    | 130.0.175.1\   | 213.69.160.\   | 443           |
+-------------------+---------+----------------+----------------+---------------+
| meek1_anon        |         | 47             | 8.244          |               |
+-------------------+---------+----------------+----------------+---------------+
| meek2_anon        |         |                |                |               |
+-------------------+---------+----------------+----------------+---------------+
| obfs4-1_anon      |         | 207.52.86.2\   | 109.45.76.1\   |               |
|                   |         | 3              | 94             |               |
+-------------------+---------+----------------+----------------+---------------+
| obfs4-2_anon      |         |                |                |               |
+-------------------+---------+----------------+----------------+---------------+

Negative / Regular Traffic Traces
---------------------------------

The longer, multi-client ``cantab_anon.pcap`` was captured on machines with TCP segmentation offloading due to technical limitations, which means that longer-than-MTU payloads will appear unsegmented. This does not, however, affect CovertMark's default detection strategies. The shorter, single-client ``lso_anon.pcap`` is unaffected, with all longer-than-MTU payloads properly segmented.

+-------------+---------+------------------+--------------------+
| File Name   | Packets | Concurrent Users | Client IPs/Subnets |
+=============+=========+==================+====================+
| lso_anon    |         |                  |                    |
+-------------+---------+------------------+--------------------+
| cantab_anon |         |                  |                    |
+-------------+---------+------------------+--------------------+
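
As an added example (not part of CovertMark or the original page), the following Python code scans a classic pcap such as ``cantab_anon.pcap`` for the TSO effect described above, listing the IPv4/TCP packets whose IP datagram is longer than the MTU. The 1500-byte MTU, the function names and the embedded sample capture are assumptions constructed for illustration.

```python
import struct

MTU = 1500  # assumption: standard Ethernet MTU

def oversized_tcp_packets(pcap, mtu=MTU):
    """Return (packet_no, ip_bytes, tcp_payload_bytes) for each IPv4/TCP
    packet in a classic pcap whose IP datagram is longer than the MTU."""
    magic = struct.unpack_from("<I", pcap)[0]
    if magic not in (0xA1B2C3D4, 0xD4C3B2A1):
        raise ValueError("not a classic (microsecond) pcap file")
    e = "<" if magic == 0xA1B2C3D4 else ">"
    if struct.unpack_from(e + "I", pcap, 20)[0] != 1:
        raise ValueError("expected LINKTYPE_ETHERNET")
    hits, off, no = [], 24, 0
    while off + 16 <= len(pcap):
        incl, orig = struct.unpack_from(e + "II", pcap, off + 8)
        f = pcap[off + 16:off + 16 + incl]
        off, no = off + 16 + incl, no + 1
        if len(f) < 54 or f[12:14] != b"\x08\x00" or f[23] != 6:
            continue  # not IPv4/TCP over Ethernet
        ihl = (f[14] & 0x0F) * 4
        if len(f) < 14 + ihl + 20:
            continue  # truncated TCP header
        # Some captures taken with TSO enabled record a total-length field
        # of 0; fall back to the on-the-wire frame length in that case.
        ip_len = struct.unpack_from("!H", f, 16)[0] or orig - 14
        tcp_hl = (f[14 + ihl + 12] >> 4) * 4
        if ip_len > mtu:
            hits.append((no, ip_len, ip_len - ihl - tcp_hl))
    return hits

def build_sample(packets):
    """Constructed pcap: one frame per (ip_len_field, real_ip_bytes) pair."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for field, real in packets:
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, field, 0, 0, 64, 6, 0,
                         bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
        tcp = struct.pack("!HHIIBBHHH", 50000, 443, 0, 0, 0x50, 0x18, 65535, 0, 0)
        frame = bytes(12) + b"\x08\x00" + ip + tcp + bytes(real - 40)
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out

# Constructed input: two ordinary packets, then two TSO-style oversized ones.
SAMPLE = build_sample([(1500, 1500), (52, 52), (4396, 4396), (0, 2960)])

if __name__ == "__main__":
    for no, ip_len, payload in oversized_tcp_packets(SAMPLE):
        print(f"packet {no}: IP length {ip_len} > MTU, TCP payload {payload}")
```

To check a downloaded trace, pass the file's bytes to ``oversized_tcp_packets``; an empty result means no longer-than-MTU IPv4/TCP packets were found.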