Publicly available PCAP files
From networkminer
This is a directory over various packet capture repositories which are freely and publicly available on the Internet. Most of the sites listed below share their PCAP files as full content, but some do unfortunately only have truncated frames.
PCAP Repositories
Wireshark Sample Capures
http://wiki.wireshark.org/SampleCaptures
OpenPacket.org Capture Repository (maintained by JJ Cummings created by Richard Bejtlich)
https://www.openpacket.org/capture/list
http://openpacket.spaceegg.net/capture/list
Captures from the "2009 Inter-Service Academy Cyber Defense Competition" served by Information Technology Operations Center (ITOC), United States Military Academy
http://www.itoc.usma.edu/research/dataset/index.html
PacketLife.net Packet Captures (Jeremy Stretch)
http://packetlife.net/captures/
MOME database
http://www.ist-mome.org/database/MeasurementData/?cmd=databrowse
EvilFingers PCAPs
http://www.evilfingers.com/projects/pcaps.php
Trace Files - Protocol Analysis Institute (Laura Chappell)
http://www.packet-level.com/traces/index.htm
Laura's Lab Kit v.8
http://demeter.uni-regensburg.de/Lauras_Lab_Kit_v8/AutoPlay/trace_files_llk8/
Laura's Lab Kit v.9 ISO image
http://cdn.novell.com/cached/video/bs_08/LLK9.iso
Sample capture files from: "Practical Packet Analysis - Using Wireshark to Solve Real-World Network Problems" by Chris Sanders
http://www.nostarch.com/download/ppa-capture-files.zip
DefCon Capture the Flag Contest traces
http://cctf.shmoo.com/
DefCon 17 Capture the Flag Contest traces
http://ddtek.biz/
http://ddtek.biz/ctf_dc17_packets.tbz.torrent
Anonymous FTP connections to public FTP servers at the Lawrence Berkeley National Laboratory
http://www-nrg.ee.lbl.gov/anonymized-traces.html
Pcapr (Mu Dynamics) - A capture repository with pcap files of various traffic types
http://www.pcapr.net/
Bro IDS trace files (no application layer data)
ftp://bro-ids.org/enterprise-traces/hdr-traces05/
Wireless LAN Traces from ACM SIGCOMM'01 (no application layer data)
http://sysnet.ucsd.edu/pawn/sigcomm-trace/
Wireshark Fuzzed Protocol Capures (only fuzzed packets)
ftp://wireshark.org/automated/captures/
Single PCAP files
Honeynet.org's Scan of the Month PCAPs
http://www.honeynet.org/scans/scan27/
http://www.honeynet.org/scans/scan28/
Raul Siles, “Pcap files containing a roaming VoIP session”
http://www.raulsiles.com/downloads/VoIP_roaming_session.zip
Russ McRee, W32/Sdbot infected machine
http://holisticinfosec.org/toolsmith/files/nov2k6/toolsmith.pcap
CWSandbox, Sandox execution of malicious ActiveX component (downloads Downloader-BKH)
http://www.cwsandbox.org/?page=download&dltype=pcap&id=612050&password=cqofm
Géza Szabó, Reference capture from "On the Validation of Traffic Classification Algorithms" (application data limited to first 42 bytes)
http://pics.etl.hu/˜szabog/measurement.tar
NetWitness Sample Capture (requires login to the netwitness.com community)
https://www.netwitness.com/community/attachment.php?attachmentid=181&d=1226877587
hack.lu 2009 Information Security Visualization Contest (honeypot traffic, mostly SSH and HTTP)
http://2009.hack.lu/index.php/InfoVisContest
Network Forensics Puzzle Contest
http://forensicscontest.com/
