Skip to main content
Version: Tenzir v4.6

User Guides

The user guides walk you through various examples that illustrate how to use use Tenzir in practice.


Throughout our guides, we use publicly available datasets for a reproducible experience.


The M57 Patents Scenario contains large amounts of diverse network traffic. We enriched the PCAP from Nov 18, 2009, by adding malicious traffic from We adjusted all packet timestamp to 2021. Thereafter, we ran Zeek v5.2.0 and Suricata 6.0.10 to obtain structured network logs.

The dataset includes the following files:

For the examples in the next section, download and extract the archives:

curl -L -O
curl -L -O
tar xzvf suricata.tar.gz
tar xzvf zeek.tar.gz