Pcaps

/opt/samples/

Security Onion 14.04 comes with several pcap samples in /opt/samples/.

Links

• http://www.malware-traffic-analysis.net/

• http://digitalcorpora.org/corpora/network-packet-dumps

• http://www.netresec.com/?page=PcapFiles

• https://github.com/bro/bro/tree/master/testing/btest/Traces

• http://old.honeynet.org/scans/

• http://cctf.shmoo.com/

• http://ee.lbl.gov/anonymized-traces.html

• https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Public_Data_Sets

• http://wiki.wireshark.org/SampleCaptures#Sample_Captures

• http://forensicscontest.com/puzzles

• https://www.evilfingers.com/repository/pcaps.php

• http://www.honeynet.org/node/504

• https://github.com/markofu/hackeire/tree/master/2011/pcap

• http://www.defcon.org/html/links/dc-ctf.html (You have to follow some of the links, which redirect to competitor blogs but there's lots of goodness).

tcpreplay

You can use tcpreplay to replay any of these pcaps on your Security Onion sensor. For example, please see here for a quick, easy use-case and what you should see in the Sguil console.