openpacket-users Mailing List for OpenPacket Tools

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Dear All,

I'm looking for data sets on broadband traffic that have been measured
using probe packets. Does anyone have any suggestions?

Many thanks

Colin

We have made several backend changes to OpenPacket.org to improve the speed
and reliability, please hit it and run some tests.  If you run into any
issues, feel free to contact me: cummingsj <at> openpacket.org

JJC

I would like to begin by thanking Richard for his time and dedication  
in getting this project off of the ground.

There have been a number of changes in recent months, including the  
migration of the site onto new hardware to increase stability. There  
are a number of significant changes that are rapidly approaching that  
include some partnerships and significant site enhancements. This  
being said, please stay tuned for these upcoming developments and let  
us know how we are doing by participating in the forums and capture  
uploads.

I would also like to welcome our latest moderator: Joel Esler.

Cheers,
JJC 

Hi all,
Can anyone send me pcap traces for MAP transactions related to SMS?
Specially mobile originated and terminated short messages.

Thanks.
-- 
Mohsin Saleem

Have applied to CAIDA for captures which I will use one of the
available tools to parse to flow data.

Thanks for suggestions, though if, apart from what's offered on the
website, they do actually provide flow data out of band to
researchers, that would be great!

Donal

On Fri, Aug 22, 2008 at 6:13 AM, Erik Hjelmvik <eri...@gm...> wrote:
> Hi CS and others,
>
> Do you guys know if CAIDA can provide full pcap files, i.e. with full
> application payloads, or do they only have flow data?
> Anonymized IP's is OK with me.
>
> /erik
>
> 2008/8/21 CS Lee <ge...@gm...>:
>> hi donai,
>>
>> As far as I know, sample dataset for flow is not available public ally,
>> arbor is successful in a way where they are pushing their products to ISP
>> level and they are definitely benefit from that. And most ISPs will avoid
>> sharing the flow data too as you can't consider the data belongs to them as
>> well(they provide connectivities/links) unless it is specified.
>>
>> If you are doing it for your own researh only, maybe u can grab the pcap and
>> generate flow data out of it. We would definitely love to have dataset
>> sharing. Anyway, caida is always sharing large data set they have.
>>
>> http://www.caida.org/data/
>>
>> I'm not too sured if they are sharing flow data, you might ask them.
>>
>> Cheers ;]
>>
>> On Thu, Aug 21, 2008 at 8:12 PM, Donal <irl...@gm...> wrote:
>>>
>>> Hi guys, as per openpacket... I am trying to get my hands on old/new
>>> flow data, expired, anonymised or otherwise. I have contacted
>>> Arbor(Danny McP and local SE's) and am talking to the encumbent Telcos
>>> here in Australia. I was hoping someone might be aware of repositories
>>> of such datasets
>>> or would know who to ask potentially?
>>>
>>> It is purely for mine own research efforts in assigning value to
>>> shared infrastructures and to perhaps facilitate theories/presentation
>>> at the next SecurityMetrics conference!
>>>
>>> Will anonymize with FLAIM http://en.wikipedia.org/wiki/FLAIM
>>>
>>> --
>>>
>>> ________________________________________________________________________________
>>> Donal ( http://bsdosx.blogspot.com/ )
>>>
>>> "Any intelligent fool can make things bigger, more complex, and more
>>> violent. It takes a touch of genius -- and a lot of courage -- to move
>>> in the opposite direction." E. F. Schumacher
>>>
>>> -------------------------------------------------------------------------
>>> This SF.Net email is sponsored by the Moblin Your Move Developer's
>>> challenge
>>> Build the coolest Linux based applications with Moblin SDK & win great
>>> prizes
>>> Grand prize is a trip for two to an Open Source event anywhere in the
>>> world
>>> http://moblin-contest.org/redirect.php?banner_id=100&url=/
>>> _______________________________________________
>>> Openpacket-users mailing list
>>> Ope...@li...
>>> https://lists.sourceforge.net/lists/listinfo/openpacket-users
>>
>>
>>
>> --
>> Best Regards,
>>
>> CS Lee<geek00L[at]gmail.com>
>>
>> http://geek00l.blogspot.com
>>
>> -------------------------------------------------------------------------
>> This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
>> Build the coolest Linux based applications with Moblin SDK & win great
>> prizes
>> Grand prize is a trip for two to an Open Source event anywhere in the world
>> http://moblin-contest.org/redirect.php?banner_id=100&url=/
>> _______________________________________________
>> Openpacket-users mailing list
>> Ope...@li...
>> https://lists.sourceforge.net/lists/listinfo/openpacket-users
>>
>>
>

-- 
________________________________________________________________________________
Donal ( http://bsdosx.blogspot.com/ )

"Any intelligent fool can make things bigger, more complex, and more
violent. It takes a touch of genius -- and a lot of courage -- to move
in the opposite direction." E. F. Schumacher

Hi CS and others,

Do you guys know if CAIDA can provide full pcap files, i.e. with full
application payloads, or do they only have flow data?
Anonymized IP's is OK with me.

/erik

2008/8/21 CS Lee <ge...@gm...>:
> hi donai,
>
> As far as I know, sample dataset for flow is not available public ally,
> arbor is successful in a way where they are pushing their products to ISP
> level and they are definitely benefit from that. And most ISPs will avoid
> sharing the flow data too as you can't consider the data belongs to them as
> well(they provide connectivities/links) unless it is specified.
>
> If you are doing it for your own researh only, maybe u can grab the pcap and
> generate flow data out of it. We would definitely love to have dataset
> sharing. Anyway, caida is always sharing large data set they have.
>
> http://www.caida.org/data/
>
> I'm not too sured if they are sharing flow data, you might ask them.
>
> Cheers ;]
>
> On Thu, Aug 21, 2008 at 8:12 PM, Donal <irl...@gm...> wrote:
>>
>> Hi guys, as per openpacket... I am trying to get my hands on old/new
>> flow data, expired, anonymised or otherwise. I have contacted
>> Arbor(Danny McP and local SE's) and am talking to the encumbent Telcos
>> here in Australia. I was hoping someone might be aware of repositories
>> of such datasets
>> or would know who to ask potentially?
>>
>> It is purely for mine own research efforts in assigning value to
>> shared infrastructures and to perhaps facilitate theories/presentation
>> at the next SecurityMetrics conference!
>>
>> Will anonymize with FLAIM http://en.wikipedia.org/wiki/FLAIM
>>
>> --
>>
>> ________________________________________________________________________________
>> Donal ( http://bsdosx.blogspot.com/ )
>>
>> "Any intelligent fool can make things bigger, more complex, and more
>> violent. It takes a touch of genius -- and a lot of courage -- to move
>> in the opposite direction." E. F. Schumacher
>>
>> -------------------------------------------------------------------------
>> This SF.Net email is sponsored by the Moblin Your Move Developer's
>> challenge
>> Build the coolest Linux based applications with Moblin SDK & win great
>> prizes
>> Grand prize is a trip for two to an Open Source event anywhere in the
>> world
>> http://moblin-contest.org/redirect.php?banner_id=100&url=/
>> _______________________________________________
>> Openpacket-users mailing list
>> Ope...@li...
>> https://lists.sourceforge.net/lists/listinfo/openpacket-users
>
>
>
> --
> Best Regards,
>
> CS Lee<geek00L[at]gmail.com>
>
> http://geek00l.blogspot.com
>
> -------------------------------------------------------------------------
> This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
> Build the coolest Linux based applications with Moblin SDK & win great
> prizes
> Grand prize is a trip for two to an Open Source event anywhere in the world
> http://moblin-contest.org/redirect.php?banner_id=100&url=/
> _______________________________________________
> Openpacket-users mailing list
> Ope...@li...
> https://lists.sourceforge.net/lists/listinfo/openpacket-users
>
>

hi donai,

As far as I know, sample dataset for flow is not available public ally,
arbor is successful in a way where they are pushing their products to ISP
level and they are definitely benefit from that. And most ISPs will avoid
sharing the flow data too as you can't consider the data belongs to them as
well(they provide connectivities/links) unless it is specified.

If you are doing it for your own researh only, maybe u can grab the pcap and
generate flow data out of it. We would definitely love to have dataset
sharing. Anyway, caida is always sharing large data set they have.

http://www.caida.org/data/

I'm not too sured if they are sharing flow data, you might ask them.

Cheers ;]

On Thu, Aug 21, 2008 at 8:12 PM, Donal <irl...@gm...> wrote:

> Hi guys, as per openpacket... I am trying to get my hands on old/new
> flow data, expired, anonymised or otherwise. I have contacted
> Arbor(Danny McP and local SE's) and am talking to the encumbent Telcos
> here in Australia. I was hoping someone might be aware of repositories
> of such datasets
> or would know who to ask potentially?
>
> It is purely for mine own research efforts in assigning value to
> shared infrastructures and to perhaps facilitate theories/presentation
> at the next SecurityMetrics conference!
>
> Will anonymize with FLAIM http://en.wikipedia.org/wiki/FLAIM
>
> --
>
> ________________________________________________________________________________
> Donal ( http://bsdosx.blogspot.com/ )
>
> "Any intelligent fool can make things bigger, more complex, and more
> violent. It takes a touch of genius -- and a lot of courage -- to move
> in the opposite direction." E. F. Schumacher
>
> -------------------------------------------------------------------------
> This SF.Net email is sponsored by the Moblin Your Move Developer's
> challenge
> Build the coolest Linux based applications with Moblin SDK & win great
> prizes
> Grand prize is a trip for two to an Open Source event anywhere in the world
> http://moblin-contest.org/redirect.php?banner_id=100&url=/
> _______________________________________________
> Openpacket-users mailing list
> Ope...@li...
> https://lists.sourceforge.net/lists/listinfo/openpacket-users
>

-- 
Best Regards,

CS Lee<geek00L[at]gmail.com>

http://geek00l.blogspot.com

Hi guys, as per openpacket... I am trying to get my hands on old/new
flow data, expired, anonymised or otherwise. I have contacted
Arbor(Danny McP and local SE's) and am talking to the encumbent Telcos
here in Australia. I was hoping someone might be aware of repositories
of such datasets
or would know who to ask potentially?

It is purely for mine own research efforts in assigning value to
shared infrastructures and to perhaps facilitate theories/presentation
at the next SecurityMetrics conference!

Will anonymize with FLAIM http://en.wikipedia.org/wiki/FLAIM

-- 
________________________________________________________________________________
Donal ( http://bsdosx.blogspot.com/ )

"Any intelligent fool can make things bigger, more complex, and more
violent. It takes a touch of genius -- and a lot of courage -- to move
in the opposite direction." E. F. Schumacher

Hey All,

I was wondering if anyone had a sample of z/OS UDP syslog traffic that
they'd be willing to share? Please let me know...I'd really appreciate it.

-- 
Andrew Hay
Security+, CCSE Plus, RHCE, GSEC, GCIA, GCIH, CISSP
blog: http://www.andrewhay.ca
email: and...@gm...
twitter: andrewsmhay
profile: http://www.linkedin.com/in/andrewhay

Hi there to all on the land of packets.
i am a first timer, on this mailing list, can somebody please enlighten me
on the cisco interswitch link protocols. I know what they are, but how to
derive information about VLANS from their payloads.
If i can dissect them and get the information on my network what & how the
switches are conversing.
Cisco never gives a rfc or standard to study their protocols, other than the
minor specifications on their website & best practices :(

Looking forward to your replies

Thank You!

All,
Anyone who wishes to submit a bug or feature request, please use
openpacket's sourceforge.net tracker, which can be accessed here:

https://sourceforge.net/tracker/?group_id=148106

Additionally, if anyone thinks of any bug or feature request
categories that don't currently exist, please send me an email (or
post to the list) and I'll create a category.

Thanks,
Lee/dakrone

Hello again all,

I just wanted to post a quick update and let everyone know that we have 
addressed many issues that were recently reported and are also looking 
into a bug reporting / feature request tracking interface that we will 
be letting everyone know about when apt.

One of the updates that will be immediately visible is the addition of a 
validly signed certificate and the redirect from http to http_*s*_.

Thank you for your support and feedback thus far!

Cheers,
JJC

Hello OpenPacket.org users,

I've noticed uploads containing Tshark output that is not formatted as expected.

When we request Tshark output we mean the output of the following command:

 tshark -q -z io,phs -r yourtrace.pcap

This produces output like the following:

Protocol Hierarchy Statistics
Filter: frame

frame                                    frames:26084 bytes:8187014
 eth                                    frames:26084 bytes:8187014
   ip                                   frames:26084 bytes:8187014
     tcp                                frames:26077 bytes:8186206
       http                             frames:2095 bytes:474251
         data-text-lines                frames:91 bytes:27088
         http                           frames:6 bytes:1571
         media                          frames:11 bytes:2605
           http                         frames:2 bytes:292
       tcp.segments                     frames:1812 bytes:1015592
         http                           frames:1812 bytes:1015592
           data-text-lines              frames:1804 bytes:1013636
           message-http                 frames:2 bytes:378
     udp                                frames:4 bytes:618
       nbns                             frames:3 bytes:276
       data                             frames:1 bytes:342
     icmp                               frames:3 bytes:190

We do not produce this output automatically on the server because it
exposes us to compromise.  The next time someone finds a vulnerability
in a Wireshark protocol dissector, someone could craft a malicious
trace, upload it, and exploit the server's Tshark program.  We prefer
to have users generate Tshark output.

At this very moment moderators do not have the capability to reformat
Tshark output for traces in the pending queue, so I will have to
reject them for now.  In the future moderators should be able to
generate their own Tshark PHS to accompany the trace.

Thank you,

Richard

Hi Dan,

I will develop something formal and post it to the site, probably this weekend.

Thank you,

Richard

On Sun, Apr 6, 2008 at 7:08 PM, Dan Shearer <da...@sh...> wrote:
> Hello,
>
>  Nice idea! I just registered as danshearer.
>
>  I haven't been able to find the terms under which you accept uploads? I
>  also looked in the mailing list archives.
>
>  Regards,
>
>  --
>  Dan Shearer
>  da...@sh...
>

On 8/21/06, Ayed Qarta <a....@gm...> wrote:
> hey all,
>
> my name is Ayed Qarta, a security geek from kuwait. I wanna thank you
> Richard Bejtlich for OpenPacket coz it's a good source to get packets. How
> can i submit my own traces ?

Hello,

OpenPacket.org isn't live yet.  When it's operating we will post instructions.

RIchard

hey all,

my name is Ayed Qarta, a security geek from kuwait. I wanna thank you
Richard Bejtlich for OpenPacket coz it's a good source to get packets. How
can i submit my own traces ?

On 7/24/06, StAmour, Kevin <Kev...@an...> wrote:
>
>
>
>
> Looks Like I may be the First join? If not, then hello world. Looking
> forward to the Openpacket project.
>

It's tough to be a user when the project doesn't exist yet.  :)
Thanks for signing up though!  We can use your input at
openpacket-devel.

Richard

Looks Like I may be the First join? If not, then hello world. Looking
forward to the Openpacket project.

=20

------------------------

Kevin St.Amour
Andrew Corporation
19700 Janelia Farm Blvd.
Ashburn, VA 20147
CISSP# 46396
Geometrix=20

=20

=20

=20

=20

---------------------------------------------------------------------------=
---------------------
This message is for the designated recipient only and may
contain privileged, proprietary, or otherwise private information. =20
If you have received it in error, please notify the sender
immediately and delete the original.  Any unauthorized use of
this email is prohibited.
---------------------------------------------------------------------------=
---------------------
[mf2]
First post -- test.

Richard

2006	Jan	Feb	Mar	Apr	May	Jun	Jul (3)	Aug (2)	Sep	Oct	Nov	Dec
2008	Jan	Feb	Mar	Apr (5)	May	Jun	Jul (2)	Aug (4)	Sep	Oct	Nov	Dec
2009	Jan (3)	Feb	Mar (1)	Apr (1)	May	Jun	Jul	Aug	Sep (1)	Oct	Nov	Dec

openpacket-users Mailing List for OpenPacket Tools

openpacket-users — OpenPacket users