OpenPacket.org has some.<br><br><div class="gmail_quote">On Fri, Sep 17, 2010 at 5:35 PM, Will Metcalf <span dir="ltr"><<a href="mailto:william.metcalf@...2499...">william.metcalf@...2499...</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
Here are some more up-to-date data sets...<br>
<br>
<a href="http://sourceforge.net/apps/mediawiki/networkminer/index.php?title=Publicly_available_PCAP_files" target="_blank">http://sourceforge.net/apps/mediawiki/networkminer/index.php?title=Publicly_available_PCAP_files</a><br>

<br>
Additionally have a look at...<br>
<br>
<a href="http://ictf.cs.ucsb.edu/data.php" target="_blank">http://ictf.cs.ucsb.edu/data.php</a><br>
<br>
Anybody else have any other good ones?  I like pcaps... they make me happy.. ;-)<br>
<br>
Regards,<br>
<font color="#888888"><br>
Will<br>
</font><div><div></div><div class="h5"><br>
<br>
On Fri, Sep 17, 2010 at 2:56 PM, Joel Ebrahimi <<a href="mailto:joel.ebrahimi@...2499...">joel.ebrahimi@...2499...</a>> wrote:<br>
> He is referring to the DARPA pcaps for IDS testing. You can get more info here:<br>
><br>
>    <a href="http://www.ll.mit.edu/mission/communications/ist/corpora/ideval/data/" target="_blank">http://www.ll.mit.edu/mission/communications/ist/corpora/ideval/data/</a><br>
><br>
> Basically you are using the -r flag to specify you are reading from a<br>
> pcap file rather than an interface.<br>
><br>
> // Joel<br>
><br>
> On Fri, Sep 17, 2010 at 10:45 AM, Andres carrera<br>
> <<a href="mailto:protoss_black88@...445...">protoss_black88@...3115...5...</a>> wrote:<br>
>><br>
>><br>
>>> Date: Fri, 17 Sep 2010 16:50:09 +0200<br>
>>> From: <a href="mailto:Bernhard.Guillon@...3094...">Bernhard.Guillon@...3094...</a><br>
>>> To: <a href="mailto:protoss_black88@...445...">protoss_black88@...445...</a><br>
>>> CC: <a href="mailto:snort-devel@lists.sourceforge.net">snort-devel@lists.sourceforge.net</a><br>
>>> Subject: Re: [Snort-devel] Fwd: Re: Fwd: Re: Snort Anomaly Detection<br>
>>><br>
>>> On 17.09.2010 16:01, Andres Carrera Rivera wrote:<br>
>>> > I put preprocessor phad:<br>
>>> > training_time 446400<br>
>>> ><br>
>>> ><br>
>>> > on the snort.conf file, but when running snort, I got this ERROR:<br>
>>> > Unknown preprocessor: "phad"<br>
>>> ><br>
>>> > snort, doesn't recognize PHAD?<br>
>>> > How can I solve this problem..<br>
>>> ><br>
>>> ><br>
>>><br>
>>> Ah, I forgot to add plugbase.c to my patch. I just fixed it and uploaded<br>
>>> the patch to the old location :)<br>
>><br>
>> ok so its the same file, in the same location, right?<br>
>><br>
>> snort-2.8.6-spp_phad.diff, right?<br>
>> and patch it as always<br>
>><br>
>><br>
>>> Just redo the steps including the download.<br>
>>><br>
>>> with<br>
>>><br>
>>> preprocessor phad: training_time 14400<br>
>>><br>
>>> and the DARPA set [1] (using -r switch) you will get some nice alerts :)<br>
>>><br>
>>> Best regards<br>
>>> Bernhard Guillon<br>
>>><br>
>>> 1<br>
>>><br>
>>> <a href="http://www.ll.mit.edu/mission/communications/ist/corpora/ideval/data/1999/training/week1/monday/inside.tcpdump.gz" target="_blank">http://www.ll.mit.edu/mission/communications/ist/corpora/ideval/data/1999/training/week1/monday/inside.tcpdump.gz</a><br>

>>><br>
>><br>
>> Mmm I havent Work with the DARPA, How can I use, It work with snort Too?<br>
>><br>
>> thanks, Andres Carrera<br>
>><br>
>><br>
>> ------------------------------------------------------------------------------<br>
>> Start uncovering the many advantages of virtual appliances<br>
>> and start using them to simplify application deployment and<br>
>> accelerate your shift to cloud computing.<br>
>> <a href="http://p.sf.net/sfu/novell-sfdev2dev" target="_blank">http://p.sf.net/sfu/novell-sfdev2dev</a><br>
>> _______________________________________________<br>
>> Snort-devel mailing list<br>
>> <a href="mailto:Snort-devel@lists.sourceforge.net">Snort-devel@...3069...ists.sourceforge.net</a><br>
>> <a href="https://lists.sourceforge.net/lists/listinfo/snort-devel" target="_blank">https://lists.sourceforge.net/lists/listinfo/snort-devel</a><br>
>><br>
>><br>
><br>
> ------------------------------------------------------------------------------<br>
> Start uncovering the many advantages of virtual appliances<br>
> and start using them to simplify application deployment and<br>
> accelerate your shift to cloud computing.<br>
> <a href="http://p.sf.net/sfu/novell-sfdev2dev" target="_blank">http://p.sf.net/sfu/novell-sfdev2dev</a><br>
> _______________________________________________<br>
> Snort-devel mailing list<br>
> <a href="mailto:Snort-devel@lists.sourceforge.net">Snort-devel@...2969....sourceforge.net</a><br>
> <a href="https://lists.sourceforge.net/lists/listinfo/snort-devel" target="_blank">https://lists.sourceforge.net/lists/listinfo/snort-devel</a><br>
><br>
<br>
------------------------------------------------------------------------------<br>
Start uncovering the many advantages of virtual appliances<br>
and start using them to simplify application deployment and<br>
accelerate your shift to cloud computing.<br>
<a href="http://p.sf.net/sfu/novell-sfdev2dev" target="_blank">http://p.sf.net/sfu/novell-sfdev2dev</a><br>
_______________________________________________<br>
Snort-devel mailing list<br>
<a href="mailto:Snort-devel@lists.sourceforge.net">Snort-devel@...1685...ceforge.net</a><br>
<a href="https://lists.sourceforge.net/lists/listinfo/snort-devel" target="_blank">https://lists.sourceforge.net/lists/listinfo/snort-devel</a><br>
</div></div></blockquote></div><br>