The DAG card can be configured to specify the number of bytes of a packet-on-the-link that are stripped and stored in a DAG record. A DAG record (actually called the Endace Ethernet Variable Length Record) consists of a fixed-size header (containing, for example, the packet timestamp) followed by as many bytes of the protocol header and payload in the packet as specified in the DAG card configuration. The goal of the traces collected at the UMass gateway is to get the entire TCP/IP header (with some TCP options) for a TCP/IP packet. With this in mind, the DAG records we collect are 76 bytes long, and the structure of the record for a TCP/IP packet looks like this:
a) 18 bytes (16 + 2 padding bytes) of Endace Ethernet Variable Length Record Header that has
+------------------+----------------------------------+--------------------+
| 8 byte timestamp | 8 bytes of Misc fields and flags | 2 bytes of padding |
+------------------+----------------------------------+--------------------+
To know more about the Ethernet Variable record header, look up Page 4 of the document http://www.endace.com/support/EndaceRecordFormat.pdf
followed by 14 bytes of Ethernet Frame information
+-------------+-------------+-----------+
|   Dst MAC   |   Src MAC   |   Type    |
+-------------+-------------+-----------+
 <---- 6 ----> <---- 6 ----> <--- 2 --->
Type 0x80 0x00 = TCP/IP
Followed by 20 bytes of the standard IP header and 20 bytes of the standard TCP header (look up Stevens).
We also collect 4 extra bytes to incorporate some TCP options (such as MSS). Thus the records in the traces we collect are (18 + 14 + 20 + 20 + 4) 76 bytes long.
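
A parser for the 76-byte layout described above, added here as an example and not code from the trace collectors. It assumes the ERF timestamp is a little-endian 32.32 fixed-point value and the standard IPv4 EtherType 0x0800; parse_record and build_sample are hypothetical names, and the sample record is constructed.

```python
import socket
import struct

# Layer sizes from the page: 18 + 14 + 20 + 20 + 4 = 76 bytes.
ERF_LEN, ETH_LEN, IP_LEN, TCP_LEN, OPT_LEN = 18, 14, 20, 20, 4
RECORD_LEN = ERF_LEN + ETH_LEN + IP_LEN + TCP_LEN + OPT_LEN
ETHERTYPE_IPV4 = 0x0800  # assumption: standard IPv4 EtherType

def parse_record(rec):
    """Split one fixed-size record into its ERF/Ethernet/IP/TCP fields."""
    if len(rec) != RECORD_LEN:
        raise ValueError(f"expected {RECORD_LEN} bytes, got {len(rec)}")
    # Assumption: upper 32 bits are seconds, lower 32 bits a binary fraction.
    (ts_raw,) = struct.unpack_from("<Q", rec, 0)
    out = {"ts": (ts_raw >> 32) + (ts_raw & 0xFFFFFFFF) / 2**32}
    (ethertype,) = struct.unpack_from("!H", rec, ERF_LEN + 12)
    ip = ERF_LEN + ETH_LEN
    ver_ihl, proto = rec[ip], rec[ip + 9]
    if ethertype != ETHERTYPE_IPV4 or ver_ihl >> 4 != 4 or proto != 6:
        out["kind"] = "not-tcp-ipv4"
        return out
    if ver_ihl & 0x0F != 5:
        # IP options shift the TCP header, so the fixed offsets no longer hold.
        out["kind"] = "ip-options"
        return out
    out["src"] = socket.inet_ntoa(rec[ip + 12:ip + 16])
    out["dst"] = socket.inet_ntoa(rec[ip + 16:ip + 20])
    tcp = ip + IP_LEN
    sport, dport, seq, _ack, off_flags = struct.unpack_from("!HHIIH", rec, tcp)
    out.update(kind="tcp", sport=sport, dport=dport, seq=seq,
               syn=bool(off_flags & 0x002), mss=None)
    # The 4 extra bytes are TCP options only if the data offset covers them;
    # with a 20-byte TCP header they are the first payload bytes instead.
    opts = rec[tcp + TCP_LEN:tcp + TCP_LEN + OPT_LEN]
    if (off_flags >> 12) * 4 >= TCP_LEN + OPT_LEN and opts[0] == 2 and opts[1] == 4:
        out["mss"] = struct.unpack("!H", opts[2:4])[0]
    return out

def build_sample(mss=1460, ihl=5):
    """Constructed record: SYN from 10.0.0.1:40000 to 10.0.0.2:80."""
    erf = struct.pack("<Q", (1000 << 32) | (1 << 31)) + bytes(10)
    eth = bytes(12) + struct.pack("!H", ETHERTYPE_IPV4)
    ip = bytes([0x40 | ihl, 0]) + struct.pack("!HHHBBH", 44, 0, 0, 64, 6, 0) \
        + socket.inet_aton("10.0.0.1") + socket.inet_aton("10.0.0.2")
    tcp = struct.pack("!HHIIHHHH", 40000, 80, 1, 0, (6 << 12) | 0x002, 65535, 0, 0)
    return erf + eth + ip + tcp + struct.pack("!BBH", 2, 4, mss)
```

Records whose IP header carries options are reported as "ip-options" rather than decoded, because the fixed 20 + 20 split no longer lines up with the TCP header.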