Snort mailing list archives

Public packet traces? (was Re: Benchmarking load generator?)


From: Bennett Todd <bet () rahul net>
Date: Thu, 3 Oct 2002 11:44:54 -0400

tcpreplay does indeed look like exactly the tool I need, thanks all
for the ptrs!

I'm planning on doing my own benchmarking for our in-house purposes
with corresponding in-house packet captures. I'll certainly report
the benchmark results to this list, but it'd be most satisfying if I
could also post some results that other people could reproduce, or
that people could compare with identical tests run against different
hardware configs of the snorter.

This, of course, requires that we all have the same packet trace[s]
to hammer with.

And it'd be awfully nice if the results of this were really free of
usage restrictions of any sort.

The defcon9 capture the flag traces come with a usage request:

 These logs are not intended for any commercial purpose. The Shmoo
 Group and the DefCon 8.0 organizers specifically discourage use of
 this data for marketing use by intrusion detection system vendors.

I intend to honor that request, so I won't be posting results using
those traces. I can't offer my own captures for public download, as
they must be presumed to contain proprietary info. Anybody got a
decent completely public trace in pcap format? I really don't care
whether it's larded with attacks to set off snort or not; whether
or not such attacks are in there, we can still learn something of
interest. I personally favour deploying snorts positioned so they
see as few attacks as possible, and tuning them as much as necessary
to disable false positives, so a packet trace completely free of
any attacks wouldn't be a bad benchmark set for me. Others will
obviously differ.

But if someone could point me at a good pcap-format trace for public
unrestricted use I'd be very glad to use that.

-Bennett
