Chris Sanders

I’ve managed to collect and create a lot of packet capture files over the past few years as a part of my teaching and learning, so I’ve decided to post those here. You are free to download and use these captures as you like with no restrictions. If you do find them useful however, I do ask you mention where they came from and maybe even make a small tax-deductible donation to the Rural Technology Fund.

(DL) – Download file

(CS) – View online with Cloudshark when size permits

Common Protocols

• arp_gratuitous.pcap (DL)(CS) – A gratuitous ARP packet
• arp_resolution.pcap (DL)(CS) – The ARP resolution process
• dhcp_inlease_renewal.pcap (DL)(CS) – A DHCP client obtaining an IP address while inside its lease time
• dhcp_nolease_renewal.pcap (DL)(CS) – A DHCP client obtaining an IP address while outside of its lease time
• dns_axfr.pcap (DL)(CS) – A DNS full zone transfer
• dns_query_response.pcap (DL)(CS) – A simple DNS query and response
• dns_recursivequery_client.pcap (DL)(CS) – A recursive query as viewed from the clients perspective
• dns_recursivequery_server.pcap (DL)(CS) – A recursive query as viewed from the intermediate servers perspective
• http_espn.pcap (DL)(CS) – HTTP communication while browsing to ESPN.com
• http_google.pcap (DL)(CS) – HTTP communication while browsing to ESPN.com
• icmp_echo.pcap (DL)(CS) – A sample of ICMP echo requests and replies created by the ping tool
• icmp_traceroute.pcap (DL)(CS) – Sample ICMP traffic generated by the traceroute tool
• ip_frag_source.pcap (DL)(CS) – Fragmented IP packets
• tcp_dupack.pcap (DL)(CS) – Duplicate ACK packets generated as a result of high latency
• tcp_handshake.pcap (DL)(CS) – The TCP connection initiation process
• tcp_refuseconnections.pcap (DL)(CS) – A TCP SYN followed by a RST from a failed communication attempt
• tcp_retransmissions.pcap (DL)(CS) – Example of retransmissions that are a result of dropped packets
• tcp_teardown.pcap (DL)(CS) – The TCP connection completion process
• tcp_zerowindowdead.pcap (DL)(CS) – TCP flow control halting an established connection
• tcp_zerowindowrecovery.pcap (DL)(CS) – TCP flow control stopping and then resuming an established connection

Security Related

• activeosfingerprinting.pcap (DL)(CS) – An NMap OS fingerprinting scan
• arppoison.pcap (DL)(CS) – Demonstration of ARP cache poisoning at the packet level
• aurora.pcap (DL)(CS) – A lab system being exploited by the aurora exploit used against Google and others. Created using Metasploit.
• ratinfected.pcap (DL)(CS) – A lab system infected with a remote access trojan sending data back to its upstream host
• synscan.pcap (DL)(CS) – A basic TCP SYN scan

Wireless Networking

• 80211beacon.pcap (DL)(CS) – An 802.11 wireless beacon packet collected from a WinPCap adapter
• 80211-WEPauth.pcap (DL)(CS) – A successful 802.11 wireless WEP authentication sequence
• 80211-WEPauthfail.pcap (DL)(CS) – A failed 802.11 wireless WEP authentication sequence
• 80211-WPAauth.pcap (DL)(CS) – A successful 802.11 wireless WPA authentication sequence
• 80211-WPAauthfail.pcap (DL)(CS) – A failed 802.11 wireless WPA authentication sequence