Sample Captures


So you're at home tonight, having just discovered the Ethereal project. You downloaded the Ethereal source code, compiled it, and want to take the program for a test drive. But your home LAN doesn't have any interesting or exotic packets on it? Here are some goodies to try. Please note that if for some reason you disabled zlib support in Ethereal, you'll have to gunzip any of the following files that are gzipped.

Sample Traces

  1. dualhome.iptrace: (AIX iptrace) Shows Ethernet and Token Ring packets captured in the same file.
  2. v6.pcap: (libpcap) Shows IPv6 and ICMPv6 packets.
  3. genbroad.snoop: (Solaris snoop) NetWare, AppleTalk, and other broadcasts on an Ethernet network.
  4. ipv6-ripng.gz: (libpcap) RIPng packets (IPv6)
  5. ascend.trace.gz: (Ascend WAN router) Shows how Ethereal parses special Ascend data
  6. pim-reg.cap: (libpcap) Protocol Independent Multicast, with IPv6 tunnelled within IPv6
  7. toshiba.general.gz: (Toshiba) Just some general usage of a Toshiba ISDN router. There are three link types in this trace: PPP, Ethernet, and LAPD.
  8. afs.cap.gz: (libpcap) Andrew File System, based on RX protocol. Various operations.
  9. vlan.cap.gz: (libpcap) Lots of different protocols, all running over 802.1Q virtual LANs.
  10. imap.cap.gz: (libpcap) A short IMAP session using Mutt against an MSX server.
  11. bootparams.cap.gz: (libpcap) A couple of rpc.bootparamsd 'getfile' and 'whoami' requests.
  12. mapi.cap.gz: (libpcap) MAPI session w/ Outlook and MSX server, not currently decoded by Ethereal.
  13. nfsv2.pcap.gz: (libpcap) Fairly complete trace of all NFS v2 packet types.
  14. nfsv3.pcap.gz: (libpcap) Fairly complete trace of all NFS v2 packet types.
  15. mpls-te.cap: (libpcap) MPLS Traffic Engineering sniffs. Includes RSVP messages with MPLS/TE extensions and OSPF link updates with MPLS LSAs.
  16. mpls-basic.cap: (libpcap) A basic sniff of MPLS-encapsulated IP packets over Ethernet.
  17. mpls-exp.cap: (libpcap) IP packets with EXP bits set.
  18. mpls-twolevel.cap: (libpcap) An IP packet with two-level tagging.
  19. bgp.pcap.gz: (libpcap) BGP packets, including AS path attributes.
  20. gryphon.cap: (libpcap) A trace of Gryphon packets. This is useful for testing the Gryphon plug-in.
  21. atm_capture1.cap: (libpcap) A trace of ATM Classical IP packets.
  22. rtp_example.raw.gz: (libpcap) A VoIP sample capture.
  23. rpl_sample.cap.gz: (libpcap) A RIPL sample capture.
  24. nfs_bad_stalls.cap: (libpcap) An NFS capture containing long stalls (about 38ms) in the middle of the responses to many read requests. This is useful for seeing the staircase effect in TCP Time Sequence Analysis.
  25. netbench_1.cap: (libpcap) A capture of a reasonable amount of NetBench traffic. It is useful to see some of the traffic a NetBench run generates.
  26. telnet-cooked.pcap: (libpcap) A telnet session in "cooked" (per-line) mode.
  27. telnet-raw.pcap: (libpcap) A telnet session in "raw" (per-character) mode.

Crack Traces

  1. teardrop.cap: Packets 8 and 9 show the overlapping IP fragments in a Teardrop attack.
  2. zlip-1.pcap: DNS exploit: a message decompression flaw in which the compression pointer points to itself, looping endlessly.
  3. zlip-2.pcap: DNS exploit: endless cross-referencing during message decompression.
  4. zlip-3.pcap: DNS exploit: creates a very long domain name by decompressing the same hostname again and again.
  5. Captures of traffic generated by the PROTOS test suite developed at the University of Oulu:

If you have any interesting packet captures that you would like to share with the world, feel free to e-mail them to Gilbert. Just make sure that you didn't capture any passwords in your file!