Publicly available PCAP files

From networkminer

This is a directory of packet capture repositories that are freely and publicly available on the Internet. Most of the sites listed below share their PCAP files with full content, but some unfortunately provide only truncated frames.

PCAP Repositories

Wireshark Sample Captures
http://wiki.wireshark.org/SampleCaptures

OpenPacket.org Capture Repository (maintained by JJ Cummings, created by Richard Bejtlich)
https://www.openpacket.org/capture/list
http://openpacket.spaceegg.net/capture/list

Captures from the "2009 Inter-Service Academy Cyber Defense Competition" served by Information Technology Operations Center (ITOC), United States Military Academy
http://www.itoc.usma.edu/research/dataset/index.html

PacketLife.net Packet Captures (Jeremy Stretch)
http://packetlife.net/captures/

MOME database
http://www.ist-mome.org/database/MeasurementData/?cmd=databrowse

EvilFingers PCAPs
http://www.evilfingers.com/projects/pcaps.php

Trace Files - Protocol Analysis Institute (Laura Chappell)
http://www.packet-level.com/traces/index.htm

Laura's Lab Kit v.8
http://demeter.uni-regensburg.de/Lauras_Lab_Kit_v8/AutoPlay/trace_files_llk8/

Laura's Lab Kit v.9 ISO image
http://cdn.novell.com/cached/video/bs_08/LLK9.iso

Sample capture files from: "Practical Packet Analysis - Using Wireshark to Solve Real-World Network Problems" by Chris Sanders
http://www.nostarch.com/download/ppa-capture-files.zip

DefCon Capture the Flag Contest traces
http://cctf.shmoo.com/

DefCon 17 Capture the Flag Contest traces
http://ddtek.biz/
http://ddtek.biz/ctf_dc17_packets.tbz.torrent

Anonymous FTP connections to public FTP servers at the Lawrence Berkeley National Laboratory
http://www-nrg.ee.lbl.gov/anonymized-traces.html

Pcapr (Mu Dynamics) - A capture repository with pcap files of various traffic types
http://www.pcapr.net/

Bro IDS trace files (no application layer data)
ftp://bro-ids.org/enterprise-traces/hdr-traces05/

Wireless LAN Traces from ACM SIGCOMM'01 (no application layer data)
http://sysnet.ucsd.edu/pawn/sigcomm-trace/

Wireshark Fuzzed Protocol Captures (only fuzzed packets)
ftp://wireshark.org/automated/captures/

Single PCAP files

Honeynet.org's Scan of the Month PCAPs
http://www.honeynet.org/scans/scan27/
http://www.honeynet.org/scans/scan28/

Raul Siles, “Pcap files containing a roaming VoIP session”
http://www.raulsiles.com/downloads/VoIP_roaming_session.zip

Russ McRee, W32/Sdbot infected machine
http://holisticinfosec.org/toolsmith/files/nov2k6/toolsmith.pcap

CWSandbox, Sandbox execution of malicious ActiveX component (downloads Downloader-BKH)
http://www.cwsandbox.org/?page=download&dltype=pcap&id=612050&password=cqofm

Géza Szabó, Reference capture from "On the Validation of Traffic Classification Algorithms" (application data limited to first 42 bytes)
http://pics.etl.hu/~szabog/measurement.tar

NetWitness Sample Capture (requires login to the netwitness.com community)
https://www.netwitness.com/community/attachment.php?attachmentid=181&d=1226877587

hack.lu 2009 Information Security Visualization Contest (honeypot traffic, mostly SSH and HTTP)
http://2009.hack.lu/index.php/InfoVisContest

Network Forensics Puzzle Contest
http://forensicscontest.com/