My packets, let me show you them

By stretch | Monday, June 30, 2008 at 12:59 a.m. UTC

Earlier this month I mentioned the Wireshark wiki's capture page was a great place to find various packet captures, but it is sorely lacking in structure (not to mention security). Inspired, I decided to piece together my own capture repository.

At the time of this writing, the archive contains fifty captures of various traffic types, with a heavy focus on routing protocols. Captures can be organized by category or included protocol, with a healthy amount of overlap. Many captures include a simple topology to aid in setting context (look for a 'view topology' link under each capture). An RSS feed lists the most recent captures, and leeching is supported.

Yes, there are already places to find packets, like the aforementioned Wireshark wiki page or OpenPacket.org. But I wanted a structured, custom format with an emphasis on networking, not applications. This capture database was designed to serve as a reference, particularly to save engineers the hassle of setting up an entire lab merely to generate a protocol header. Hopefully people will find these captures useful. Let me know what you think!

Please note that I am not currently accepting outside captures or requests for captures, although support is likely to be added in the future. I still have a quite a few captures to generate and upload, so be sure to check back once in a while.

About the Author

Jeremy Stretch is a freelance networking engineer, instructor, and the maintainer of PacketLife.net. He currently lives in Fairfax, Virginia, on the edge of the Washington, DC metro area. Although primarily an R&S guy, he likes to get into everything, and runs a free network training lab out of his basement for fun. You can contact him by email or follow him on Twitter.

Posted in Announcements

Comments

Richard Bannister (guest) commented on Monday, June 30, 2008 at 11:49 a.m. UTC

Absolutely Superb! :-)

I don't want to know how long it has taken you to put that collection together! (inc. diagrams)

Richard

nemako (guest) commented on Wednesday, July 2, 2008 at 3:24 p.m. UTC

Hi, thanks for that collection, it could be very usefull.

Just a remark, there is a bug with firefox on the protocols lists on the left :)

Thanks again for your website...

Tassos (guest) commented on Tuesday, July 8, 2008 at 5:11 p.m. UTC

Excellent idea! I really needed the mcast ones.

Leave a Comment


Register to comment as a member. You'll look cooler.

Optional; will not be displayed publicly or given out.

No commercial links. Only personal (e.g. blog, Twitter, or LinkedIn) and/or on-topic links, please.
FF:FF:FF:FF:FF:FF is a _____ MAC address.