Worm traffic trace


Hi, I need samples of different worms' traffic captures that I can use safely. Does anybody know where I can find something like that? And what procedures should be taken when I handle traces like these? Or even any other forum where I can ask. There are two sample captures in, I'm interested in slammer.pcap but I tried once to download it and there was a warning about opening this file. What should I do to work with such files safely? I have a program that has to detect the scanning activity of worms and I need a capture to try it with to know if it is working. Thanks

Sample captures in don't agree with what I'm looking for. The first one contains a packet of the worm, and the other contains a packet showing an anomaly, which is not what I'm looking for. I need a trace showing the scanning activity of the worm. I googled it too much but with no result!

(07 Dec '12, 08:00) Leena

Why don't you simply trace an nmap scan or similar, or what exactly do you mean by "scanning activity of a worm"?!

(07 Dec '12, 08:10) Landi

Before a worm breaks out, it first scans either random IP addresses or sequential ones to get some vulnerable targets and then completes the attack. I just need real examples because it looks more persuasive and maybe I could find other works on them to compare with mine to identify the advantages and disadvantages of the program, and maintain factors such as speed and other capabilities. It is a research work.

(07 Dec '12, 09:47) Leena

One Answer:


As you are trying to build an IPS (based on your question history), I recommend this:


These datasets might be interesting as well.


Thanks a lot Kurt, I'll check it. May God bless you.

(07 Dec '12, 10:31) Leena

Sure, I won't forget.

(07 Dec '12, 17:45) Leena

There is also a link that contains a list of public pcap files for download. It may help those who need pcap repositories. Thanks Kurt, you are always helping.

(17 Dec '12, 02:26) Leena
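
The scanning behaviour discussed in this thread (one source probing many random or sequential addresses) can be exercised against a detector without live worm traffic. The sketch below is an added example, not code from any participant in the thread. The flow records, addresses, ports, thresholds and function names are all constructed for illustration.

```python
import ipaddress
import random
from collections import defaultdict

def classify(dsts):
    """Label destinations (in arrival order) as a sequential or random sweep."""
    nums = [int(ipaddress.ip_address(d)) for d in dsts]
    steps = [b - a for a, b in zip(nums, nums[1:])]
    # Share of consecutive probes that hit the next-higher address.
    share = sum(1 for s in steps if s == 1) / len(steps)
    return "sequential" if share >= 0.8 else "random"

def detect_scanners(records, window=1.0, min_targets=20):
    """Flag (src, port) pairs reaching >= min_targets distinct hosts per window.

    records: iterable of (timestamp_s, src_ip, dst_ip, dst_port).
    Thresholds are assumed values; tune them against real baseline traffic.
    """
    buckets = defaultdict(list)
    for ts, src, dst, port in sorted(records):
        buckets[(src, port, int(ts // window))].append(dst)
    found = {}
    for (src, port, _), dsts in buckets.items():
        unique = list(dict.fromkeys(dsts))  # de-duplicate, keep arrival order
        if len(unique) >= min_targets:
            found[(src, port)] = classify(unique)
    return found

def sample_records():
    """Constructed traffic: one random sweep, one sequential sweep, one client."""
    rng = random.Random(7)  # fixed seed so the sample is reproducible
    recs = []
    for i in range(30):
        t = i * 0.01
        rand_dst = str(ipaddress.ip_address(rng.getrandbits(32)))
        recs.append((t, "10.0.0.5", rand_dst, 1434))            # random targets
        recs.append((t, "10.0.0.9", f"192.168.1.{i + 1}", 445))  # sequential
    for i, dst in enumerate(["198.51.100.7", "198.51.100.8", "203.0.113.4"]):
        recs.append((i * 0.3, "10.0.0.20", dst, 443))            # ordinary client
    return recs

if __name__ == "__main__":
    for (src, port), kind in detect_scanners(sample_records()).items():
        print(f"{src} -> port {port}: {kind} scan")
```

To run it on a real capture, export per-packet timestamp, source, destination and destination port from the trace into the same tuple form.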