Collaborative Network Forensics

- by Mu Dynamics
New! Try xtractr, a collaborative cloud application to unleash the power of packets!
What good is a large pcap if you can't mine the data, peek into it, search for terms and interactively explore conversations? We took a number of publicly available pcaps, indexed them and added a dash of Web 2.0 love. With over 22.8 GBytes and 54.9 million packets, this represents the largest collection of indexed pcaps online.

Network forensics on such a large scale becomes a lonely, tiring endeavor. To cheer things up, we've added the ability for you to attach notes to packets and cross-correlate interesting packets with other ones. You can also share cool searches with the rest of the community. This means you can flag packets with insightful (or not) comments about why you thought they were interesting. While you are at it, maybe you can find out who actually captured the flag?

Social nOtworking has never been this much fun!

Hack.Lu 2009

Captures from a honeypot for the Information Security Visualization Contest. "For the 2009 conference, we make a contest to visualize data collected (network and tty captures) in a honeypot"

capture_2  149 MB  1505485 packets
capture_1  441 MB  1505481 packets
capture_3  118 MB  1312221 packets


Capture the Flag event at Defcon17 published by the Diutinus Defense. "The DEFCON 17 CTF packet captures and binaries are now available via bittorrent."

ctf_dc17.10.14  477 MB  2074952 packets
ctf_dc17.30.34  477 MB  2045869 packets
ctf_dc17.45.49  477 MB  2032016 packets
ctf_dc17.25.29  477 MB  2024474 packets
ctf_dc17.15.19  477 MB  2007859 packets
ctf_dc17.35.39  477 MB  2002019 packets
ctf_dc17.40.44  477 MB  1984441 packets
ctf_dc17.20.24  477 MB  1972216 packets
ctf_dc17.5.9    477 MB  1928086 packets
ctf_dc17.0.4    477 MB  1885459 packets
ctf_dc17.70.74  477 MB  1826477 packets
ctf_dc17.65.69  477 MB  1639862 packets
ctf_dc17.60.64  477 MB  1516156 packets
ctf_dc17.50.54  477 MB  1490716 packets
ctf_dc17.55.59  477 MB  1291874 packets
ctf_dc17.75.77  268 MB   890488 packets

Information Technology Operations Center

Captures from the 2009 Inter-Service Academy Cyber Defense Competition. "The annual competition pits the service academies, including West Point, against an actual National Security Agency Red Team. We release these data and log files in order to augment existing datasets to help develop better methods for detecting intrusions and attacks against our critical network infrastructure."

Update: If you are wondering why half of most conversations are missing, it's because of a misconfiguration during the capture.

2009-04-21-04-06-19.dmp11   954 MB  1789827 packets
2009-04-21-04-06-19.dmp112  954 MB  1777878 packets
2009-04-21-04-06-19.dmp14   954 MB  1527784 packets
2009-04-21-04-06-19.dmp111  954 MB  1521127 packets
2009-04-21-04-06-19.dmp113  954 MB  1276181 packets
2009-04-21-04-06-19.dmp12   954 MB  1274925 packets
2009-04-21-04-06-19.dmp114  311 MB  1195894 packets
2009-04-21-04-06-19.dmp19   954 MB  1178794 packets
2009-04-21-04-06-19.dmp15   954 MB  1172566 packets
2009-04-21-04-06-191        954 MB   972863 packets
2009-04-21-04-06-19.dmp16   954 MB   906472 packets
2009-04-21-04-06-19.dmp18   954 MB   859192 packets
2009-04-21-04-06-19.dmp13   954 MB   677432 packets
2009-04-21-04-06-19.dmp17   954 MB   660921 packets


Capture the Flag event at Defcon11 published by the Shmoo Group. "This archive contains data logged during the Capture the Flag Contest at DefCon. The Shmoo Group is publishing this data to promote the creation of more secure software and to offer data for research purposes."

ulogd.znb0.2  295 MB  1223053 packets
ulogd.znb3.3  355 MB   812140 packets
ulogd.znb6.2  314 MB   759755 packets
ulogd.znb1.2  198 MB   750415 packets
ulogd.znb4.3  334 MB   662520 packets
ulogd.znb5.3  334 MB   662291 packets
ulogd.znb1.3  205 MB   639957 packets
ulogd.znb0.3   85 MB   607051 packets
ulogd.znb6.3  229 MB   599196 packets
ulogd.znb3    314 MB   458776 packets
ulogd.znb4.2   53 MB   417630 packets
ulogd.znb5.2   53 MB   417242 packets
ulogd.znb3.2  109 MB   329476 packets
ulogd.znb6    191 MB   314775 packets
ulogd.znb2.3   99 MB   269648 packets
ulogd.znb2.2   75 MB   197519 packets
ulogd.znb5     41 MB   123782 packets
ulogd.znb4     41 MB   123229 packets
ulogd.znb1     32 MB    83504 packets
ulogd.znb2     30 MB    71967 packets
ulogd.eth0.2   11 MB    30695 packets
ulogd.eth0      4 MB    28995 packets
ulogd.eth0.3    2 MB     9955 packets

If you know of other open repositories (with full packet contents), do let us know. We are happy to make them available to the community.