Malcolm-PCAP

This repository contains a collection of PCAPs that I have pulled from a variety of sources in order to test the network protocol analyzers, log parsers and dashboards of Malcolm.

These PCAP files have been merged and aligned chronologically but are otherwise unaltered. I do not claim ownership nor responsibility for the PCAP files nor their contents. Some of the PCAPs may contain examples of malware in their payloads. Use at your own risk.

PCAP collections online

For reference, here is a list of public packet capture repositories.

• ACandeias/IntrusionDetection/PCAP
• automayt/ICS-pcap - A collection of ICS/SCADA PCAPs
• chrissanders/packets - Packet Captures
• contagio - Collection of Pcap files from malware analysis
• DeepEnd Research - DeepEnd Research
• DEF CON® - Capture the Flag Archive
• elcabezzonn/Pcaps - spans from malware, to normal traffic, to pentester tools
• EvilFingers (archive.org cache)
• goffinet/sip_captures - SIP Captures
• ITI/ICS-Security-Tools/pcaps - ICS PCAPs developed as a community asset
• kargs.net
• kholia/my-pcaps
• M57 Patents Scenario
• Malware PCAPs
• Malware-Traffic-Analysis.net - Traffic Analysis Exercises
• markofu/pcaps
• mcfp.felk.cvut.cz - publicDatasets
• nesfit/DI-cryptominingdetection/PCAPs - PCAP files and data sets to Digital Investigation article
• NETRESEC
• Network Forensics Puzzle Contest
• PacketLife.net
• packetrat/packethunting - Resources and materials for DEF CON 2018 Packet Hunting Workshop
• PacketTotal
• PCAPLib
• PracticalPAcketAnalysis
• Security Onion
• Weberblog.net and the ultimate PCAP
• Wireshark Samples
• Wireshark Tutorial - Exporting Objects from a Pcap
• WRCCDC Public Archive

Test PCAP data sets from various projects

• arkime/arkime
• dd-wrt
• ntop/nDPI/tests/pcap
• pevma/mrp
• the-tcpdump-group/tcpdump
• Zeek and Zeek Plugins
  • zeek/zeek
  • 0xl3x1/zeek-EternalSafety
  • 0xxon/cve-2020-0601
  • 0xxon/cve-2020-13777
  • cisagov/icsnpp-bacnet
  • cisagov/icsnpp-bsap
  • cisagov/icsnpp-dnp3
  • cisagov/icsnpp-enip
  • cisagov/icsnpp-ethercat
  • cisagov/icsnpp-genisys
  • cisagov/icsnpp-modbus
  • cisagov/icsnpp-opcua-binary
  • cisagov/icsnpp-s7comm
  • corelight/CVE-2020-16898
  • corelight/CVE-2021-38647
  • corelight/CVE-2021-41773
  • corelight/cve-2021-44228
  • corelight/cve-2022-26809
  • corelight/http-more-files-names
  • corelight/zeek-community-id
  • corelight/zeek-spicy-ipsec
  • corelight/zeek-spicy-openvpn
  • corelight/zeek-spicy-ospf
  • corelight/zeek-spicy-stun
  • corelight/zeek-spicy-wireguard
  • corelight/zeek-xor-exe-plugin
  • corelight/zerologon
  • cybera/zeek-sniffpass
  • precurse/zeek-httpattacks
  • zeek/spicy-dhcp
  • zeek/spicy-dns
  • zeek/spicy-http
  • zeek/spicy-ldap
  • zeek/spicy-pe
  • zeek/spicy-tftp
  • zeek/spicy-zip