Author: Sookhyun Yang
Email: shyang@cs.umass.edu
Date:  4 May 2013


This file describes P2P emulation traces. 

    sha1sum                                   filename
    838857a53d20dbdbe6e762c6f41ca3568e4d7bf7  Blocal.tar.gz
    2c3d8fdb9b6976a1605a6c59dce4092f1c05bc65  Bremote_house1_linux_cap.tar.gz
    9bfbd51c32f1e2d0f7e2a3d9661100de3e1add9f  Bremote_house1_linux_tmp.tar.gz
    b104f4373f4a41d9bbfb90be5c4b2cf530edde21  Bremote_house1_linux_wshark.tar.gz
    a92f0cfaeb6575bc14523edfd048308e17d042a9  Bremote_house1_windows_cap.tar.gz
    084dec623b79bb80abfff06ddcd98813f8eef473  Bremote_house1_windows_tmp.tar.gz
    175c0ca30c4dea43bf9bbcb93a107debe9c92749  Bremote_house1_windows_wshark.tar.gz
    6e063650830264a86092332760793d196d2e9556  Bremote_houses2-to-8.tar.gz


as referenced in the following paper:

    @inproceedings{Yang:2013,
        Author = { Sookhyun Yang and Jim Kurose and Brian Neil Levine},
        Booktitle = {Proc. IEEE INFOCOM Mini-Conference},
        Keywords = {forensics; wireless; Synthesis project},
        Month = {April},
        Pages = {5},
        Sponsors = {CNS-0905349, CNS-1040781},
        Title = {{Disambiguation of Residential Wired and Wireless Access in a Forensic Setting}},
        Url = {http://forensics.umass.edu/pubs/yang.infocom-mini.2013.pdf},
        Year = {2013}
    }

As described in the paper, three types of files were collected for each measurement setting.

1) `.cap` files contain 802.11 frames captured via a monitor mode for quantifying an amount of background wireless traffic generated from nearby wireless devices using the same or overlapping channel with our targeting device's wireless channel. 
2) `.wshark` files contain TCP packets captured at a wired sniffer located between an AP and a cable modem using wireshark.
3) `.tmp` files contain TCP packets captured at a remote server using tcpdump.

The above files are named in the following way. 

(1)_(2)_(3)_(4)_(5)_(6)_bg_sniff_(7)_(8)_tcp_(9)_(10).cap
(1)_(2)_(3)_(4)_(5)_(6)_hub_sniff_(7)_(8)_tcp_(9)_(10).wshark
(1)_(2)_(3)_(4)_(5)_(6)_(7)_(8)_tcp_(9)_(10).tmp

(1)	denotes the receiver considered as a law enforcement peer. (1) can be either Blocal or Bremote. Blocal is a node located in the same local cable network. Bremote is a node located outside of a cable network.
(2)	denotes a house ID where a receiving node is located. 
(3)	denotes the date when measurement has been taken.
(4)	denotes whether TCP flows are generated in a full-rate using iperf or in a limited-rate using an emulator. 
(5)	denotes whether the rest of flows other than a target flow are destined to the same destination as the target flow or not. w_planetlab describes that the rest of flows are destined to Purdue university server in planetlab. wo_planetlab describes that the rest of flows are destined to UMass server. 
(6)	denotes the type of an access network with an amount of artificially generated wireless channel contention. 
(7)	denotes the type of an application used for generating TCP flows. 
(8)	denotes the type of an operating system. 
(9)	denotes the number of TCP flows generated from a sender.
(10)	denotes a measurement run. 

For example, if the name of a file is `Bremote_house1_Mar_2011_fullrate_w_planetlab_10Mbps_wireless_iperf_linux_tcp_5_r1.tmp`, then it means a tcpdump trace captured at UMass server in March 2011 when five TCP flows were generated using iperf in Linux and only a target TCP flow was destined to the UMass server, artificially generating 10 Mbps wireless contention traffic.