Hi, I need samples of different worms' traffic captures that I can use safely. Does anybody know where I can find something like that? And what procedures should be taken when I handle traces like these? Or even any other forum where I can ask. There are two sample captures on wireshark.org; I'm interested in slammer.pcap, but when I tried once to download it there was a warning about opening this file. What should I do to work with such files safely? I have a program that has to detect the scanning activity of worms, and I need a capture to try it with to know if it is working. Thanks
asked 07 Dec '12, 03:15 Leena
One Answer:
As you are trying to build an IPS (based on your question history), I recommend this:
UPDATE: These datasets might be interesting as well.
Regards
answered 07 Dec '12, 09:58 Kurt Knochner ♦ edited 08 Dec '12, 01:15
Thanks a lot Kurt, I'll check it. May God bless you. (07 Dec '12, 10:31) Leena
Good luck. If a supplied answer resolves your question, can you please "accept" it by clicking the checkmark icon next to it? This highlights good answers for the benefit of subsequent users with the same or similar questions. (07 Dec '12, 12:11) Kurt Knochner ♦
Sure, I won't forget. (07 Dec '12, 17:45) Leena
There is also a link that contains a list of public pcap files for download: http://www.netresec.com/?page=PcapFiles It may help whoever needs pcap repositories. Thanks Kurt, you are always helping. (17 Dec '12, 02:26) Leena
The sample captures on wireshark.org don't match what I'm looking for: the first one contains a packet of the worm, and the other contains a packet showing an anomaly, which is not what I'm looking for. I need a trace showing the scanning activity of the worm. I googled it a lot but with no result!
Why don't you simply trace an nmap scan or something similar? Or what exactly do you mean by "scanning activity of a worm"?
Before a worm breaks out, it first scans either random IP addresses or sequential ones to find some vulnerable targets and then completes the attack. I just need real examples because they look more persuasive, and maybe I could find other work on them to compare with mine to identify the advantages and disadvantages of the program, and consider factors such as speed and other capabilities. It is a research work.
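As an added illustration that is not code from this thread: the scanning behaviour the last comment describes (one host touching many distinct addresses in a short time, the way a Slammer-style worm sprays UDP/1434) can be flagged with a fan-out counter over a sliding time window. The packet records, addresses, window and threshold below are constructed assumptions, not taken from any real capture.

```python
from collections import defaultdict, deque, Counter

def build_sample_trace():
    """Constructed packets as (ts_ms, src, dst, proto, dport); not from a real pcap.
    One benign host talks repeatedly to three servers; one host sprays UDP/1434
    at 40 different addresses, one packet each, the way a scanning worm would."""
    trace = []
    servers = ["192.0.2.10", "192.0.2.11", "192.0.2.12"]
    for i in range(30):
        trace.append((i * 200, "10.0.0.5", servers[i % 3], "tcp", 443))
    for i in range(40):
        trace.append((1000 + i * 50, "10.0.0.9", f"203.0.113.{i + 1}", "udp", 1434))
    return sorted(trace)

def detect_fan_out(trace, window=2000, threshold=20):
    """Flag any source that contacts >= `threshold` distinct destinations within
    `window` milliseconds. Returns {src: (first_alert_ts, distinct_dsts, top_dport)}.
    Packets must be in timestamp order (as they are in a pcap)."""
    recent = defaultdict(deque)       # src -> packets still inside the window
    distinct = defaultdict(Counter)   # src -> per-destination packet count in window
    alerts = {}
    for ts, src, dst, proto, dport in trace:
        q, c = recent[src], distinct[src]
        q.append((ts, dst, dport))
        c[dst] += 1
        while q and ts - q[0][0] > window:   # expire packets that left the window
            _, old_dst, _ = q.popleft()
            c[old_dst] -= 1
            if c[old_dst] == 0:
                del c[old_dst]
        if src not in alerts and len(c) >= threshold:
            ports = Counter(p for _, _, p in q)   # dominant port hints at the service targeted
            alerts[src] = (ts, len(c), ports.most_common(1)[0][0])
    return alerts

if __name__ == "__main__":
    for src, (ts, n, port) in detect_fan_out(build_sample_trace()).items():
        print(f"{src}: {n} distinct destinations within window at t={ts} ms, port {port}")
```

To run this over a real trace, replace build_sample_trace() with tuples read from the pcap by a parser such as scapy or dpkt; the detector itself only needs timestamp, addresses and port.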