This dataset presents real-world IoT device traffic captured under a scenario termed "Active," reflecting typical usage patterns encountered by everyday users. Our methodology emphasizes the collection of authentic data, employing rigorous testing and system evaluations to ensure fidelity to real-world conditions while minimizing noise and irrelevant capture.


This dataset results from a month-long cloud-based Internet Background Radiation observation conducted in May 2023.
A sensor fleet comprised of 26 EC2 compute instances was deployed within Amazon Web Services across their 26 commercially available regions, 1 sensor per region.

The dataset contains 21,856,713 incoming packets, out of which 17,008,753 are TCP datagrams, 3,076,855 are ICMP packets and the remainder, 1,770,418 are UDP messages.


Electric power systems are comprised of cyber and physical components that are crucial to grid resiliency. Data from both components should be collected when modeling power systems: data from communication networks and intrusion detection systems; physical telemetry from sensors and field devices.


Smart grid, an application of Internet of Things (IoT) is modern power grid that encompasses power and communication network from generation to utilization . Home Area Network (HAN), Field or Neighborhood Area Network (FAN/NAN) and Wide Area network (NAN) using Wireless LAN and Wireless/Wired WAN protocols are employed from generation to utilization . Advanced Metering Infrastructure, a utilization side infrastructure facilitates communication between smart meters and the server where energy efficient protocols are mandate to support smart grid .


In this dataset, we provide detailed traffic stream data for the Spot robot, including both the Spot robot control traffic stream and the Spot video stream. The Spot robot traffic streams provide realistic traffic data for communication network evaluations, e.g., for measurements with the TSN FlexText testbed. Furthermore, we share data for the tactile internet including audio, video, and robotic communication. Finally, the dataset includes generic data streams for three different intervals (0.2ms, 0.3ms, and 0.5ms) with two different Ethernet frame sizes.


Maximum capture length for interface 0:            65000

First timestamp:                     1186262976.484933000

Last timestamp:                      1186263276.484931000

Unknown encapsulation:                                  0

IPv4 bytes:                                    2768247216

IPv4 pkts:                                       45954067

IPv4 flows:                                       2860519

Unique IPv4 addresses:                               7075

Unique IPv4 source addresses:                        7065


This dataset provides wireless measurements from two industrial testbeds: iV2V (industrial Vehicle-to-Vehicle) and iV2I+ (industrial Vehicular-to-Infrastructure plus sensor).

iV2V covers 10h of sidelink communication scenarios between 3 Automated Guided Vehicles (AGVs), while iV2I+ was conducted for around 16h at an industrial site where an autonomous cleaning robot is connected to a private cellular network.


Identifying patterns in the modus operandi of attackers is an essential requirement in the study of Advanced Persistent Threats. Previous studies have been hampered by the lack of accurate, relevant, and representative datasets of current threats. System logs and network traffic captured during attacks on real companies’ information systems are the best data sources to build such datasets. Unfortunately, for apparent reasons of companies’ reputation, privacy, and security, such data is seldom available.


The dataset is generated by performing different Man-in-the-Middle (MiTM) attacks in the synthetic cyber-physical electric grid in RESLab Testbed at Texas AM University, US. The testbed consists of a real-time power system simulator (Powerworld Dynamic Studio), network emulator (CORE), Snort IDS, open DNP3 master, SEL real-time automation controller (RTAC), and Cisco Layer-3 switch. With different scenarios of MiTM attack, we implement a logic-based defense mechanism in RTAC and save the traffic data and related cyber alert data under the attack.