Publicly available PCAP files

Cyber Defence Exercises (CDX)

This category includes network traffic from exercises and competitions, such as Cyber Defense Exercises (CDX) and red-team/blue-team competitions.

MACCDC - Pcaps from National CyberWatch Mid-Atlantic Collegiate Cyber Defense Competition
https://www.netresec.com/?page=MACCDC

ISTS - Pcaps from the Information Security Talent Search
https://www.netresec.com/?page=ISTS

WRCCDC - Pcaps from the Western Regional Collegiate Cyber Defense Competition (over 1TB of PCAPs)
https://archive.wrccdc.org/pcaps/

Captures from the "2009 Inter-Service Academy Cyber Defense Competition" served by Information Technology Operations Center (ITOC), United States Military Academy
https://www.westpoint.edu/centers-and-research/cyber-research-center/data-sets

Capture the Flag Competitions (CTF)

PCAP files from capture-the-flag (CTF) competitions and challenges.

Note: Sniffing CTF's is known as "capture-the-capture-the-flag" or CCTF.

DEFCON CTF PCAPs from DEF CON 17 to 24 (look for the big RAR files inside the ctf directories)
https://media.defcon.org/

DEFCON CTF 2018 PCAP files
https://www.oooverflow.io/dc-ctf-2018-finals/

CSAW CTF 2011 pcap files
https://shell-storm.org/repo/CTF/CSAW-2011/Networking/

Pcap files from UCSB International Capture The Flag, also known as the iCTF (by Giovanni Vigna)
https://ictf.cs.ucsb.edu/pages/archive.html

HackEire CTF Challenge pcaps from IRISSCON
https://github.com/markofu/hackeire/

https://github.com/MarioVilas/write-ups/raw/master/ncn-ctf-2014/Vodka/vodka (bzip2 compressed PCAP-NG file)

PhreakNIC CTF from 2016 (by _NSAKEY). Contains traffic to/from the target, the NetKoTH scoring server and the IRC server.
https://drive.google.com/drive/folders/0B9TXiR9NkjmpOHNMRTl6VVA2RnM

Packet Injection Attacks / Man-on-the-Side Attacks

PCAP files from research by Gabi Nakibly et al. in Website-Targeted False Content Injection by Network Operators
https://www.cs.technion.ac.il/~gnakibly/TCPInjections/samples.zip

Packet injection against id1.cn, released by Fox-IT at BroCon 2015
https://github.com/fox-it/quantuminsert/blob/master/presentations/brocon2015/pcaps/id1.cn-inject.pcap

Packet injection against www.02995.com, doing a redirect to www.hao123.com (read more)
https://media.netresec.com/pcap/hao123-com_packet-injection.pcap

Packet injection against id1.cn, doing a redirect to batit.aliyun.com (read more)
https://media.netresec.com/pcap/id1-cn_packet-injection.pcap

Pcap files for testing Honeybadger TCP injection attack detection
https://github.com/david415/honeybadger-pcap-files

Man-in-the-Middle (MitM) attacks (a.k.a. "in-path attacks") in Turkey and Egypt discovered by Bill Marczak (read more).
https://github.com/citizenlab/badtraffic/tree/master/pcaps

Uncategorized PCAP Repositories

Wireshark Sample Capures
https://wiki.wireshark.org/SampleCaptures
https://wiki.wireshark.org/Development/PcapNg#Example_pcapng_Capture_File

Chappell University Trace Files
https://www.chappell-university.com/traces

"The Ultimate PCAP" by Johannes Weber containing over 60 different protocols, such as IPv6 and legacy IP traffic, different DNS query types, ICMP error codes, and so on.
https://weberblog.net/the-ultimate-pcap/

Nicholas Russo's "Job Aid" packet capture list
http://njrusmc.net/jobaid/jobaid.html

TcpReplay Sample Captures
https://tcpreplay.appneta.com/wiki/captures.html

Applied Communication Sciences' MILCOM 2016 datasets
https://www.netresec.com/?page=ACS_MILCOM_2016

Australian Defence Force Academy (ADFA) UNSW-NB15 data set (100 GB)
https://cloudstor.aarnet.edu.au/plus/index.php/s/2DhnLGDdEECo4ys?path=%2FUNSW-NB15%20-%20pcap%20files

DARPA Intrusion Detection Data Sets from 1998 and 1999
https://archive.ll.mit.edu/ideval/data/

PacketLife.net Packet Captures (Jeremy Stretch)
https://packetlife.net/captures/

Mixed PCAP file repo with a great deal of BACnet traffic (by Steve Karg)
https://kargs.net/captures/

Wireshark Network Analysis Study Guide (Laura Chappell)
https://www.chappell-university.com/studyguide (see "Book Supplements" or use this direct link to the 1.5 GB pcap file set)

Wireshark 101 Essential Skills for Network Analysis (Laura Chappell)
https://www.chappell-university.com/wireshark101-2ndedition (see "Book Supplements" or use this direct linkt to the 400 MB zip file)

Laura's Lab Kit v.9 ISO image (old)
http://cdn.novell.com/cached/video/bs_08/LLK9.iso

Freely available packet captures collected by Chris Sanders
https://github.com/chrissanders/packets

Sample capture files from: "Practical Packet Analysis - Using Wireshark to Solve Real-World Network Problems" by Chris Sanders
https://nostarch.com/download/ppa-capture-files.zip

Megalodon Challenge by Jasper Bongertz - "a real world network analysis problem, with all its confusion, drawbacks and uncertainties" (3.8 GB sanitized PCAP-NG files)
Blog post: https://blog.packet-foo.com/2015/07/the-megalodon-challenge/
Direct link: http://www.packet-foo.com/megalodon2015/MegalodonChallenge.7z

Pcaps and logs generated in @elcabezzonn's lab environment. Spans from malware, to normal traffic, to pentester tools
https://github.com/elcabezzonn/Pcaps

Anonymous FTP connections to public FTP servers at the Lawrence Berkeley National Laboratory from 2003
https://ee.lbl.gov/anonymized-traces.html

Understand project Downloads - Lots of different capture file formats (pcap, pcapng/ntar, pcangpklg and more...)
https://code.google.com/archive/p/understand/downloads

I Smell Packets (website)
https://docs.google.com/leaf?id=0Bw6BFSu9NExVMjBjZDRkMTgtMmMyZi00M2ZlLWI2NzgtODM5NTZkM2U4OWQ1

Canadian Institute for Cybersecurity (CIC) datasets
https://www.unb.ca/cic/datasets/index.html

Research PCAP datasets from FOI's Information Warfare Lab (FOI is The Swedish Defence Research Agency)
(download temporarily unavailable)

Technical challenges used by Sweden's National Defence Radio Establishment (FRA) for recruitment. Includes several PCAP challenges.
https://challenge.fra.se/

WITS: Waikato Internet Traffic Storage (traces in ERF format with headers plus 4 bytes of application data)
https://wand.net.nz/wits/
The FTP site uses rate limiting for IPv4 connections, but no ratelimit for IPv6 connections.

SimpleWeb captures (mainly packet headers)
https://www.simpleweb.org/wiki/index.php/Traces

Wireless LAN Traces from ACM SIGCOMM'01 (no application layer data)
https://www.sysnet.ucsd.edu/pawn/sigcomm-trace/

Single PCAP files

500 MB capture file from an F5 BIG-IP device vilnerable to CVE-2020–5902 (by the NCC Group)
https://github.com/nccgroup/Cyber-Defence/blob/master/Intelligence/Honeypot-Data/2020-F5-and-Citrix/f5-honeypot-release.tar.gz

MDSec, Packets from a GSM 2.5G environment showing uplink/downlink, two MS devices, SIM APDU information.
https://github.com/HackerFantastic/Public/blob/master/misc/44CON-gsm-uplink-downlink-sim-example.pcap?raw=true

SDN OpenFlow pcap-ng file by SDN/IPv6 expert Jeff Carrell.
(download temporarily unavailable)

Demo of JexBoss (Jboss EXploitation Tool) "JBoss exploits - View from a Victim" by Andre M. DiMino
http://www.deependresearch.org/2016/04/jboss-exploits-view-from-victim.html

Raul Siles, “Pcap files containing a roaming VoIP session”
http://www.raulsiles.com/old/downloads/VoIP_roaming_session.zip

Russ McRee, W32/Sdbot infected machine
https://holisticinfosec.io/toolsmith/files/nov2k6/toolsmith.pcap

Sandboxes that Generate PCAP Files

Triage Sandbox
https://tria.ge/

Hybrid Analysis Sandbox
https://www.hybrid-analysis.com/

ANY.RUN Interactive Sandbox
https://any.run/

Joe Sandbox Cloud
https://www.joesandbox.com/

Cuckoo Sandbox
https://cuckoo.cert.ee/

CAPE Sandbox
https://capesandbox.com/