• Built from the traffic of the CESNET2 network observed during the first two weeks of October 2021.
  • Contains 141 million flow records.
  • Has 191 service labels (e.g., Windows Update, Google Search, Instagram, Dropbox).
  • Contains two types of data: packet metadata sequences and flow statistics.


  • Download the dataset in CSV format from Zenodo – https://zenodo.org/record/7730770.
  • The list of services and domains, which were used for ground truth labeling of the dataset, is available at Zenodo.
  • The instructions on replicating the dataset collection process are here.


We published a paper in the Computer Networks journal that introduces the CESNET-TLS22 dataset in more detail and uses the dataset for researching the classification of web services in TLS traffic. If you use this dataset, we would appreciate a citation to the following paper: https://doi.org/10.1016/j.comnet.2022.109467.

author = {Jan Luxemburk and Tomáš Čejka},
title = {Fine-grained TLS services classification with reject option},
journal = {Computer Networks},
volume = {220},
pages = {109467},
year = {2023},
issn = {1389-1286},
doi = {https://doi.org/10.1016/j.comnet.2022.109467},
url = {https://www.sciencedirect.com/science/article/pii/S1389128622005011}