2002 | Paul Barford, Jeffery Kline, David Plonka and Amos Ron
This paper presents a signal analysis of four classes of network traffic anomalies: outages, flash crowds, attacks, and measurement failures. The study uses IP flow and SNMP measurements collected over six months at the border router of a large university. Wavelet filters are found to be effective in exposing the details of both ambient and anomalous traffic. The analysis shows that wavelet analysis can effectively identify distinct characteristics of each anomaly class. Specifically, detecting sharp increases in the local variance of filtered data is an effective method for anomaly detection. The study evaluates traffic anomaly signals at different points within the network based on their topological distance from the anomaly source or destination, demonstrating that anomalies can be effectively exposed even when aggregated with significant amounts of additional traffic. The paper also compares SNMP and IP flow data, showing that coarse-grained SNMP data can also effectively expose anomalies.
The paper outlines the background and current practices for anomaly detection in network traffic, highlighting the limitations of ad hoc methods and the need for more robust and automated approaches. It introduces the Integrated Measurement Analysis Platform for Internet Traffic (IMAPIT), which integrates data management and signal analysis capabilities. The wavelet analysis method is detailed, including the decomposition and reconstruction processes, and the selection of a specific wavelet system for its time-frequency localization properties.
The results section demonstrates the effectiveness of the wavelet-based approach in identifying various types of anomalies, including flash crowds, short-term anomalies, and hidden anomalies that are not visible in the raw traffic plots. The deviation score method is evaluated against anomalies logged by the network operators and compared with a Holt-Winters forecasting baseline, showing high detection accuracy. The paper concludes with a discussion of future work, emphasizing the potential for further improvement in automated anomaly detection using machine learning techniques.
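As an added illustration of the deviation-score idea summarised above (this is not the paper's IMAPIT code), the following Python sketch decomposes a constructed traffic series with a Haar wavelet, reconstructs high- and mid-frequency parts, and flags samples where the normalised local variance of those parts rises sharply. The Haar system is used here only for simplicity; the paper selects a different wavelet system for its time-frequency localization, and the band grouping, window length, weights and threshold below are assumptions chosen for this toy series. The input series, with a 16-sample burst standing in for an attack, is constructed inline.

```python
# Added example (not the paper's IMAPIT code): a wavelet deviation score over a
# constructed traffic series. Haar is used for simplicity; the paper selects a
# different wavelet system, and the band grouping, window, weights and threshold
# below are assumptions chosen for this toy series.
import math
import random
from statistics import pvariance

SQRT2 = math.sqrt(2.0)


def haar_step(x):
    """One Haar analysis step: (approximation, detail), each half the length of x."""
    a = [(x[2 * i] + x[2 * i + 1]) / SQRT2 for i in range(len(x) // 2)]
    d = [(x[2 * i] - x[2 * i + 1]) / SQRT2 for i in range(len(x) // 2)]
    return a, d


def haar_inverse_step(a, d):
    """Inverse of haar_step: interleave (a+d)/sqrt2 and (a-d)/sqrt2."""
    out = []
    for ai, di in zip(a, d):
        out.append((ai + di) / SQRT2)
        out.append((ai - di) / SQRT2)
    return out


def decompose(x, levels):
    """Multi-level Haar decomposition. Returns (coarse approximation, details),
    with details[0] the finest (highest-frequency) level. len(x) must be a
    multiple of 2**levels."""
    if len(x) % (1 << levels):
        raise ValueError("series length must be a multiple of 2**levels")
    a, details = list(x), []
    for _ in range(levels):
        a, d = haar_step(a)
        details.append(d)
    return a, details


def reconstruct(a, details, keep, include_approx=False):
    """Invert the decomposition keeping only the detail levels in `keep`.
    Zeroing the other bands yields the part of the signal living at those
    scales (the paper's high-, mid- and low-frequency parts)."""
    cur = list(a) if include_approx else [0.0] * len(a)
    for level in range(len(details) - 1, -1, -1):
        d = details[level] if level in keep else [0.0] * len(details[level])
        cur = haar_inverse_step(cur, d)
    return cur


def local_variance(x, window):
    """Variance over a trailing window ending at each sample."""
    out = []
    for i in range(len(x)):
        seg = x[max(0, i - window + 1):i + 1]
        out.append(pvariance(seg) if len(seg) > 1 else 0.0)
    return out


def deviation_score(x, levels=4, window=8, high=(0, 1), mid=(2, 3),
                    w_high=1.0, w_mid=1.0):
    """Local variance of the high- and mid-frequency parts, each normalised by
    that part's global variance and combined by a weighted sum. A sharp rise
    in this score marks a candidate anomaly. Band choices and weights are
    assumptions for this example, not the paper's settings."""
    a, details = decompose(x, levels)
    h_part = reconstruct(a, details, set(high))
    m_part = reconstruct(a, details, set(mid))
    g_h = pvariance(h_part) or 1.0
    g_m = pvariance(m_part) or 1.0
    return [w_high * vh / g_h + w_mid * vm / g_m
            for vh, vm in zip(local_variance(h_part, window),
                              local_variance(m_part, window))]


def detect_anomalies(x, threshold=5.0, **kwargs):
    """Indices whose deviation score exceeds the (assumed) threshold."""
    return [i for i, s in enumerate(deviation_score(x, **kwargs)) if s > threshold]


def synthetic_traffic(n=1024, seed=7):
    """Constructed input, not measured data: a slow diurnal baseline with
    bounded jitter plus a 16-sample burst at samples 161..176 standing in
    for an attack."""
    rng = random.Random(seed)
    x = [1000.0 + 100.0 * math.sin(2 * math.pi * i / n) + rng.uniform(-6, 6)
         for i in range(n)]
    for i in range(161, 177):
        x[i] += 600.0
    return x


if __name__ == "__main__":
    hits = detect_anomalies(synthetic_traffic())
    print("flagged samples:", hits[0], "..", hits[-1])
```

The burst itself is small relative to the 1000-unit baseline, but its edges put energy into the fine and mid scales, so the local variance of those parts jumps by an order of magnitude against its global level while the slow diurnal trend stays in the dropped low-frequency approximation. Only the samples around the burst (roughly 160 through 198, the trailing window's reach past the last affected scale) exceed the threshold.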