Find PCAP files with Google

Perlan, Reykjavik, Iceland by Vestman

We at Netresec maintain a list showing where pcap files can be found on the Internet. Some pcap repositories in this list, like Pcapr and have quite extensive lists of pcap files with indexed metadata about what protocols each pcap file contains.

However, sometimes I find myself in need of traffic from some particular application or protocol, which I'm not able to generate myself. These are the situations when I turn to Google for answers. In the spirit of “Google hacking” you can use keywords like “filetype:pcap” or “ext:pcap” to find pcap files. You can also add the letter í (notice the acute accent) to the search query in order to remove some non-pcap files from the search results. This works because Google interprets a part of the PCAP file header fields as the letter í. It is also usually a good idea to limit your search further by adding some data specific to the traffic you're looking for to the search query.

You can, for example, use this query to find SMTP traffic (VXNlcm5hbWU6 is 'Username:' Base64 encoded):

í VXNlcm5hbWU6 ext:pcap

You can find Gmail traffic with (notice the use of the gmailchat cookie):

í gmailchat ext:cap

SMB / CIFS traffic can be found with:

í SMB ext:pcap

I think you get the hang of this now...
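Search results can still include files that are not captures, or captures that lack the traffic you wanted. The following Python sketch is an added example, not code from the original post: it checks downloaded bytes for the classic pcap magic number and counts the records that contain the post's search terms. The function names and the sample capture are constructed for illustration, and pcapng files are not handled.

```python
import base64
import struct

# On-disk magic of classic pcap files -> (struct byte order, timestamp unit)
PCAP_MAGICS = {
    b"\xd4\xc3\xb2\xa1": ("<", "us"), b"\xa1\xb2\xc3\xd4": (">", "us"),
    b"\x4d\x3c\xb2\xa1": ("<", "ns"), b"\xa1\xb2\x3c\x4d": (">", "ns"),
}
# Search terms from the post, reused as byte markers inside packet data
MARKERS = [base64.b64encode(b"Username:"), b"gmailchat", b"SMB"]

def triage_pcap(data, markers=MARKERS):
    """Return None for non-pcap data, else header fields and marker hit counts."""
    if len(data) < 24 or data[:4] not in PCAP_MAGICS:
        return None  # e.g. an HTML page or text file the search returned
    order, unit = PCAP_MAGICS[data[:4]]
    major, minor, _zone, _sigfigs, snaplen, linktype = struct.unpack(
        order + "HHiIII", data[4:24])
    hits = {m: 0 for m in markers}
    packets, offset = 0, 24
    while offset + 16 <= len(data):
        _sec, _frac, incl_len, _orig_len = struct.unpack(
            order + "IIII", data[offset:offset + 16])
        payload = data[offset + 16:offset + 16 + incl_len]
        if len(payload) < incl_len:
            break  # last record is truncated; stop counting
        packets += 1
        for m in markers:
            hits[m] += m in payload
        offset += 16 + incl_len
    return {"version": (major, minor), "ts_unit": unit, "snaplen": snaplen,
            "linktype": linktype, "packets": packets, "hits": hits}

def build_sample():
    """Constructed two-record capture; payloads are bare text, not real frames."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for payload in (b"220 mail.example.test ESMTP\r\n", b"334 VXNlcm5hbWU6\r\n"):
        out += struct.pack("<IIII", 0, 0, len(payload), len(payload)) + payload
    return out

if __name__ == "__main__":
    print(triage_pcap(build_sample()))
    print(triage_pcap(b"<html><body>not a capture</body></html>"))
```
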

Happy Googling!


Posted by Erik Hjelmvik on Sunday, 17 July 2011 09:31:00 (UTC/GMT)

