Publicly available PCAP file examples
http://www.netresec.com/?page=PcapFiles
This site collects in one place network packet samples captured in a wide range of environments, together with the packet samples used in challenges. It is useful for studying environments you would not otherwise have access to, and for training.
Examples (source: http://www.netresec.com/?page=PcapFiles)
MACCDC - Pcaps from National CyberWatch Mid-Atlantic Collegiate Cyber Defense Competition
http://www.netresec.com/?page=MACCDC
Wireshark Sample Captures
http://wiki.wireshark.org/SampleCaptures
http://wiki.wireshark.org/Development/PcapNg#Example_pcapng_Capture_File
DARPA Intrusion Detection Data Sets from 1998 and 1999
http://www.ll.mit.edu/mission/communications/cyber/CSTcorpora/ideval/data/
OpenPacket.org Capture Repository (maintained by JJ Cummings created by Richard Bejtlich)
https://www.openpacket.org/capture/list
Captures from the "2009 Inter-Service Academy Cyber Defense Competition" served by Information Technology Operations Center (ITOC), United States Military Academy
https://www.itoc.usma.edu/research/dataset/
Over 4 GB of network forensic training data from DEEP (Digital Evaluation and Exploitation Department of Computer Science, Naval Postgraduate School). Case details can be found at Jesse Kornblum's blog.
http://digitalcorpora.org/corpora/network-packet-dumps (HTTP)
http://terasaur.org/item/downloads/computer-forensics-2009-m57-scenario/187 (Torrent)
PacketLife.net Packet Captures (Jeremy Stretch)
http://packetlife.net/captures/
http://packetlife.net/captures/leech/
MOME database
http://www.ist-mome.org/database/MeasurementData/?cmd=databrowse
EvilFingers PCAPs
https://www.evilfingers.com/repository/pcaps.php
Wireshark Network Analysis Study Guide (Laura Chappell)
http://wiresharkbook.com/studyguide.html (see "Book Supplements" or use this direct link to the 1.5 TB pcap file set)
Wireshark 101 Essential Skills for Network Analysis (Laura Chappell)
http://wiresharkbook.com/wireshark101.html (see "Book Supplements" or use this direct link to the 330 MB zip file)
Laura's Lab Kit v.9 ISO image (old)
http://cdn.novell.com/cached/video/bs_08/LLK9.iso
Sample capture files from: "Practical Packet Analysis - Using Wireshark to Solve Real-World Network Problems" by Chris Sanders
http://www.nostarch.com/download/ppa-capture-files.zip
DEFCON Capture the Flag Contest traces (from DEF CON 8, 10 and 11)
http://cctf.shmoo.com/
DEFCON 17 Capture the Flag Contest traces
http://ddtek.biz/dc17.html
https://media.defcon.org/torrent/DEF CON 17 CTF.torrent (torrent)
https://media.defcon.org/dc-17/DEFCON 17 Hacking Conference - Capture the Flag complete packet capture.rar (direct download)
DEFCON Capture the Flag pcaps (see collections of files related to the Capture the Flag contest from DEF CON 17 to 21)
https://www.defcon.org/html/links/dc-torrent.html
https://www.defcon.org/html/torrent/DEF%20CON%2018%20CTF.torrent (DEF CON 18 torrent)
https://www.defcon.org/html/torrent/DEF%20CON%2019%20CTF.torrent (DEF CON 19 torrent)
https://www.defcon.org/html/torrent/DEF%20CON%2020%20ctf.torrent (DEF CON 20 torrent)
https://www.defcon.org/html/torrent/DEF%20CON%2021%20ctf%20friday.torrent (DEF CON 21 torrent, Friday)
Capture the hacker 2013 competition (by Dr. David Day of Sheffield Hallam University)
http://www.snaketrap.co.uk/ contains honeypot PCAP files from three different setups:
- NAPENTHES: http://www.snaketrap.co.uk/pcaps/Ncapture.pcap
- HONEYBOT: http://www.snaketrap.co.uk/pcaps/hbot.pcap
- AMAZON: http://www.snaketrap.co.uk/pcap/hptcp.pcap
Anonymous FTP connections to public FTP servers at the Lawrence Berkeley National Laboratory
http://www-nrg.ee.lbl.gov/anonymized-traces.html
Pcapr (Mu Dynamics) - A capture repository with pcap files of various traffic types
http://www.pcapr.net/
Network Forensics Puzzle Contest (by Lake Missoula Group, LLC)
http://forensicscontest.com/puzzles
CSAW CTF 2011 pcap files
http://captf.com/2011/CSAW-quals/networking/
http://repo.shell-storm.org/CTF/CSAW-2011/Networking/
Pcap files from UCSB International Capture The Flag, also known as the iCTF (by Giovanni Vigna)
https://ictf.cs.ucsb.edu/data.php
HackEire Challenge pcaps from IRISSCON (by HackEire)
https://github.com/markofu/hackeire/
Understand project Downloads - Lots of different capture file formats (pcap, pcapng/ntar, pcangpklg and more...)
http://code.google.com/p/understand/downloads/list
I Smell Packets (website)
https://docs.google.com/leaf?id=0Bw6BFSu9NExVMjBjZDRkMTgtMmMyZi00M2ZlLWI2NzgtODM5NTZkM2U4OWQ1
ISCX 2012 Dataset. Over 80 GB of pcap data available for researchers (created by Ali Shiravi, Hadi Shiravi, and Mahbod Tavallaee from University of New Brunswick)
http://iscx.ca/dataset-request-form
Research PCAP datasets from FOI's Information Warfare Lab (FOI is The Swedish Defence Research Agency)
ftp://download.iwlab.foi.se/dataset/smia2011/Network_traffic/ (SMIA 2011)
ftp://download.iwlab.foi.se/dataset/smia2012/network_traffic/pcap/ (SMIA 2012)
Contagio Malware Dump: Collection of PCAP files categorized as APT, Crime or Metasploit
http://www.mediafire.com/?a49l965nlayad (see blog post)
WARNING: The password-protected zip files contain real malware
Also see Contagio's PCAP files per case:
- Trojan.Tbot http://contagiodump.blogspot.com/2012/12/dec-2012-skynet-tor-botnet-trojantbot.html
- ZeroAccess Trojan http://contagiodump.blogspot.com/2012/10/blackhole-2-exploit-kit-files-partial.html
- CVE-2012-4681 http://contagiodump.blogspot.com/2012/09/cve-2012-4681-samples-original-apt-and.html
- Trojan Taidoor http://contagiodump.blogspot.com/2011/11/nov-3-cve-2011-0611-1104statmentpdf.html
- Poison Ivy CnC http://contagiodump.blogspot.com/2011/07/message-targeting-experts-on-japan.html
Packet collections in PCAP-NG format by @egeektronic
http://stuff.egeektronic.com/packets
Internet Traffic Archive (Berkeley Lab) - mostly tcpdump ASCII output
http://ita.ee.lbl.gov/html/traces.html
Pcap files with attacks against Industrial Control Systems (created by US Cyber Challenge) - See Cyber Quest February 2012
http://uscc.cyberquests.org/
WITS: Waikato Internet Traffic Storage (traces in ERF format with headers plus 4 bytes of application data)
http://wand.net.nz/wits/
The FTP site uses rate limiting for IPv4 connections, but no ratelimit for IPv6 connections.
Bro IDS trace files (no application layer data)
ftp://ftp.bro-ids.org/enterprise-traces/hdr-traces05/
SimpleWeb captures (mainly packet headers)
http://www.simpleweb.org/wiki/Traces
Wireless LAN Traces from ACM SIGCOMM'01 (no application layer data)
http://sysnet.ucsd.edu/pawn/sigcomm-trace/
Wireshark Fuzzed Protocol Captures (only fuzzed packets)
ftp://wireshark.org/automated/captures/
Single PCAP files
Honeynet.org's Scan of the Month PCAPs
http://www.honeynet.org/scans/scan27/
http://www.honeynet.org/scans/scan28/
Raul Siles, “Pcap files containing a roaming VoIP session”
http://www.raulsiles.com/downloads/VoIP_roaming_session.zip
Russ McRee, W32/Sdbot infected machine
http://holisticinfosec.org/toolsmith/files/nov2k6/toolsmith.pcap
hack.lu 2009 Information Security Visualization Contest (honeypot traffic, mostly SSH and HTTP)
http://2009.hack.lu/index.php/InfoVisContest
DFRWS 2008 Challenge
http://www.dfrws.org/2008/challenge/submission.shtml
DFRWS 2009 Challenge
http://www.dfrws.org/2009/challenge/submission.shtml
Barracuda Labs on the PHP.net Compromise [blog post]
PCAP: http://barracudalabs.com/downloads/5f810408ddbbd6d349b4be4766f41a37.pcap
Barracuda Labs on the Cracked.com Malware [blog post]
PCAP: https://copy.com/UoJTysFFh6ef
Online PCAP Services
Convert PcapNG files to PCAP format
http://pcapng.com/
CloudShark
http://www.cloudshark.org/
Source: http://chogar.blog.me/80205993456