Pcaps

/opt/samples/

Security Onion 12.04 comes with several pcap samples in /opt/samples/.

Links

• http://www.malware-traffic-analysis.net/

• http://digitalcorpora.org/corpora/network-packet-dumps

• https://www.openpacket.org/ (Security Onion 12.04 contains some pcaps from openpacket.org. You can find them at /opt/samples/.)

• http://www.netresec.com/?page=PcapFiles

• http://old.honeynet.org/scans/

• http://www.novell.com/connectionmagazine/laurachappell.html

• http://cctf.shmoo.com/

• http://ee.lbl.gov/anonymized-traces.html

• https://www.openpacket.org/post/showthread/49

• https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Public_Data_Sets

• http://wiki.wireshark.org/SampleCaptures#Sample_Captures

• http://forensicscontest.com/puzzles

• https://www.evilfingers.com/repository/pcaps.php

• https://www.openpacket.org/capture

• http://www.honeynet.org/node/504

• https://github.com/markofu/hackeire/tree/master/2011/pcap

• http://www.defcon.org/html/links/dc-ctf.html (You have to follow some of the links, which redirect to competitor blogs but there's lots of goodness).

tcpreplay

You can use tcpreplay to replay any of these pcaps on your Security Onion sensor. For example, please see here for a quick, easy use-case and what you should see in the Sguil console.