[root <root@xxxxxxxx>]

Hi,

I uploaded some captures from various places to
http://www.aa-security.de/dumps. Some are taken from the ethereal site
and some are from other places (I hope I didn't use any copyrighted
captures).

I'd like to add alot of more capture files to this site, if anyone
has public captures he wants to share, please send me some lines.

--------------------------------------------------------------------
| Please send me capture files of test-networks only and make sure |
| you didn't capture any sensible data (passwords for example)!    |
--------------------------------------------------------------------

If I have enough files, I'll create a simple homepage describing each
capture. I'll also convert the captures to various other formats.



Thank you,
Martin Kluge
---------------------------------
Name    : Martin Kluge
email   : martin@xxxxxxxxxx
Phone   : +49 160 1530201
Projects: http://www.aa-security.de


> Hi,
>
> Hm. I think we should be careful here. Even if the tracefiles are from a
> demo
> they are still copyrighted so we should not use them I think.
>
> It would be much better only to use captures we create ourself.
>
>
> Perhaps you can send out a query for people to specify what kind of capture
> files we would need and then you youd ask on the mailing list for people
> that could create
> such captures and donate to your demo capture project.
>
> I am certain your repository already contain lots of captures which would be
> very interesting and educational for a new ethereal user to study.
> But make VERY CERTAIN that any such captures you donate are taken from
> the test network and not from a production network and that they do not
> contain any data that might be sensitive.
>
> Also, prune the captures as well before donating them to the webpage.
> I think the optimal size for these kind of packets are 5-50kb.
>
>
> I would like to see iSCSI captures. Preferably both draft-14 and also
> earlier drafts.
> h.323
> NDMP
> w2k authentication
> active directory
> Capture showing TCP sequence number wrapping.
> Small capture showing TCP packetloss with FastRetransmit due to duplicate
> ACKs
> Capture showing SlowStart for TCP.
> Capture showing one FastRetransmit, SlowStart and TCP switching from
> SlowStart to CongestionAvoidance.
> Capture showing Reno thruput dying due to multiple lost packets.
> Capture showing NewReno recovering from multiple packetloss.
> Capture showing SACK recovring from multiple packetloss.
> Capture showing Tahoe recovering from packetloss (might be difficult to
> obtain)
> A capture with one DNS pdu spanning multiple TCP segments, with instruction
> on how to turn on/off DNSoverTCP reassembly.
> Similar captures for as many of the other protocols supporting TCP
> desegmentation as well.
> Capture with fragmented IPv4 with instructions on how to enable/disable
> fragment reassembly.
>
>
>
>
> ----- Original Message -----
> From: "Fred Mendez"
> Sent: Thursday, September 19, 2002 3:36 AM
> Subject: RE: [Ethereal-users] testing with traces
>
>
> > I can start by providing the, Trace files demo's that NAI Sniffer has
> > provided in there Sniffer School.  The CD has 277 enc, 93 trc, 31 atc and
> 39
> > syc traces.  These traces have been arround for a while but they do
> provide
> > some good protocol and network issues cases.
> >
> > I do have my own private repository of traces that I created/collected
> > through the years from my test lab network and remote sites.
> >
> > I'm attaching a text file that shows the different protocols I have traces
> > for.  I will be happy to share traces that cover these specific protocols.
> > All that I ask is that I can get traces in return for protocols that I
> don't
> > have.
> >
> > Also, I will not be able to provide traces that have any sensitive data
> > associated with them not unless I modify some of the content data to
> protect
> > the innocent.
> >
> > I'm willing to work with any single person privately or a more formal
> > structure can be put in place.  This is the first time I've sent email to
> > your users group and I'm not even a member of your group yet.  What would
> be
> > the next step to take?
> >
> > Sincerely,
> > Fred Mendez
>
>
> _______________________________________________
> Ethereal-users mailing list
> Ethereal-users@xxxxxxxxxxxx
> http://www.ethereal.com/mailman/listinfo/ethereal-users
>