An alchemists view from the bar

Network Security Alchemy

Openpacket.org – example.com PCAP files

with 8 comments

I am in the process of uploading a load of pcap files to openpacket.org from my “example.com” collection. Because openpacket doesn’t provide an interface to include supporting data, below is a network map that should help anyone who needs to use these pcaps. They were sniffed from a test network I built and should contain a good mix of systems and protocols.

Expect to see:

  • http
  • https
  • pop3
  • smtp
  • bittorrent
  • ldap
  • irc
  • msn
  • smb
  • dcerpc
  • ssh

Network Map - Example.com

While I fight with Openpcap’s upload limits, a complete archive of example.com can be found here.

-Leon

Written by leonward

April 10, 2009 at 12:50 pm

Posted in Uncategorized

8 Responses

  1. Openpacket.org is a brilliant idea!

    Niranjan

    April 21, 2009 at 7:52 pm

    • Yes it is, and to keep it going make sure you contribute! More pcaps are always required.

      -Leon

      leonward

      April 22, 2009 at 6:06 pm

  2. Hi
    I need traces for DNS ENUM over IP , over GTP and different field scenario………plz help

    Viv

    May 20, 2009 at 9:37 pm

    • It’s probably best to ask at openpacket.org rather than here.

      leonward

      May 27, 2009 at 1:45 pm

  3. The examples.pcap [1-7] is said to be “normal”.
    By this do you mean to say that there is no “malicious” or “attack” traffic?

    Is this lab-generated traffic completely isolated from the internet?

    Ashley

    September 13, 2009 at 3:53 am

    • Kind of, there isn’t any intentional nastiness in 1-8, but there is in later pcaps in the series. The network was isolated from the Internet by a couple of firewalls preventing no ingress connections.
      The later files with malicious traffic in were larger than Openpacket’s max upload size, I think JJ may have increased it so I’ll try to upload the others again.

      Meanwhile, I have added a download link to the complete archive in the post above that contains both “clean” and “dirty” data.

      -Leon

      leonward

      September 14, 2009 at 8:24 am

  4. Hi,
    I have a question regarding usage of this pcap file.
    I am working on a virtual network. Do I need to create the same topology to be able to use this pcap sample?
    What are the preliminary steps for using this sample as the normal traffic in my network?

    Many thanks.

    Regards,
    Sama

    sama

    November 1, 2012 at 8:00 am

    • Hi,

      Things should be the same in the virtual world, just make sure your NIC is in promisc and can see the same traffic your sensor can view.
      -L

      leonward

      August 15, 2014 at 9:17 am

