This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

[closed] Getting MORE sample wireshark crack traces (.pcap files) with DoS (Anyone else? any more suggestions??)

0

Dear Sir/Madam,

I would like to get MORE sample wireshark traces (.cap or .pcap files) that contains Denial of Service events that comes from Wireshark. I have gotten one sample trace for SYN-Flood and one sample trace for Teardrop attack (already have them). Can anyone provide MORE sample traces that contain the following DoS attacks? Eg. ICMP flood,Smurf attack, ping flood, ping of death, Peer-to-peer attacks, Reflected / Spoofed attacks, Application-level floods, Distributed attack etc. I need such sample traces because i hardly find them on http://pcapr.net/home and http://wiki.wireshark.org/SampleCaptures and some other sources that provide sample wireshark captures. Does anyone know where to get them or have them?? I still want some more.......

Thank You.

Best Regards,

Misteryuku.

asked 12 Apr '12, 17:59

misteryuku's gravatar image

misteryuku
20242630
accept rate: 0%

edited 23 May '12, 17:49

1
(13 Apr '12, 01:24) SYN-bit ♦♦
1

I reopened it as I think @misteryuku is actually asking for a sample capture containing DOS events, not quite the same as his original which seemded to be asking how wireshark could filter out DOS events.

(13 Apr '12, 02:16) grahamb ♦

I'm quite sorry about it. I must have misphrased the question. Yeah i was asking for a sample capture containing DoS events.

(13 Apr '12, 05:47) misteryuku

@misteryuku, You've bumped this question 40+ times in the last 30 days. Please stop doing that. Thanks.

(21 May '12, 21:52) helloworld

The question has been closed for the following reason “The question is answered, right answer was accepted” by helloworld 21 May ‘12, 21:53


2 Answers:

2

I uploaded a (very short) Syn Flood sample trace file at http://www.cloudshark.org/captures/ba85949942a0. There's a download link on top of the page if you want to get the pcap file.

It is taken from a real life attack that slammed a 1Gig/s line shut for about a week. The trace is anonymized in regard of the target IP and MAC, of course, but it shows packets coming from the original IP source addresses.

answered 13 Apr '12, 02:26

Jasper's gravatar image

Jasper ♦♦
23.8k551284
accept rate: 18%

Do you have any more sample traces showing different types of DOS attack occurence?

(06 May '12, 06:19) misteryuku

Yes, but none I can distribute, sorry.

(06 May '12, 07:23) Jasper ♦♦

okay. Never mind.

(06 May '12, 17:55) misteryuku

Anyone else please??

(06 May '12, 17:55) misteryuku

0

1.) http://goo.gl/JZtMu

2.) I suggest you build your own honeynet and start watching the attacks coming in (http://www.honeynet.org/).

Regards
Kurt

answered 09 May '12, 02:02

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%

edited 09 May '12, 02:09

(10 May '12, 20:08) Guy Harris ♦♦