OpenPacket.org Initial Announcement


I would like to announce that I am working on a project called OpenPacket.org. The mission of OpenPacket.org is to provide quality network traffic traces to researchers, analysts, and other members of the digital security community. One of the most difficult problems facing researchers, analysts, and others is understanding traffic carried by networks. At present there is no central repository of traces from which a student of network traffic could draw samples. OpenPacket.org will provide one possible solution to this problem.

Analysts looking for network traffic of a particular type will visit OpenPacket.org, query the OpenPacket.org Database for matching traces, and download those packets in their original format (e.g., Libpcap, etc.). The analyst will be able to process and analyze that traffic using tools of their choice, like Tcpdump, Snort, Ethereal, and so on.

Analysts who collect their own traffic will be able to submit it to the OpenPacket.org database, assuming it is suitable for public review and meets guidelines to be announced later.

I am currently working with some friends and colleagues on this project. We hope to have OpenPacket.org up and running before the end of the year. At present the OpenPacket.org domain name is "parked," and soon it will simply forward to this blog entry. As we enter Alpha and then Beta status, more will be available through that domain name.

Comments

Anonymous said…
Great idea:)
11:47 PM
Anonymous said…
Make sure to provide some anonomyzing tools (or discuss/link to) such as the nice things from caida and others. Unfortunatly, most (all?) of these have trouble with captured data that contain thinks like 802.1q, QinQ, and MPLS tags.. Which make traces that contain that type of data very very hard to share.
1:45 AM
Anonymous said…
Richard,

Definitely looking forward to the site and contributing to that community. Let me know if I can help in any way.

Chuck
8:48 AM
Anonymous said…
Hey Richard,

This is definitely something that the community has needed for a long time. The problem is most of us don't have the bandwidth (not just the circuit but HW, time, cycles) to do this on our own. Bringing this together on in addition to everything else you are involved in is top notch.

If there is anything that I can do to help, let me know.

-Brandon
11:27 AM
Anonymous said…
Very cool. Something that has been needed for a while.

The Ethereal Sample Capture Page is a also good start.


- Matthew Franz
12:19 AM
Anonymous said…
If we can provide resources or content from Bleeding Snort, we're happy to. Let me know what you need.

Matt Jonkman
9:38 AM
Anonymous said…
I third or fourth the positive comments, once information is available on what is needed I will be happy to contribute as well.
10:16 AM
Post a Comment

Popular posts from this blog

Zeek in Action Videos

Image
This is a quick note to point blog readers to my Zeek in Action YouTube video series for the Zeek network security monitoring project .  Each video addresses a topic that I think might be of interest to people trying to understand their network using Zeek and adjacent tools and approaches, like Suricata, Wireshark, and so on.  I am especially pleased with Video 6 on monitoring wireless networks . It took me several weeks to research material for this video. I had to buy new hardware and experiment with a Linux distro that I had not used before -- Parrot .  Please like and subscribe, and let me know if there is a topic you think might make a good video.
Read more

MITRE ATT&CK Tactics Are Not Tactics

Image
Just what are "tactics"? Introduction MITRE ATT&CK  is a great resource, but something about it has bothered me since I first heard about it several years ago. It's a minor point, but I wanted to document it in case it confuses anyone else. The MITRE ATT&CK Design and Philosophy document from March 2020 says the following: At a high-level, ATT&CK is a behavioral model that consists of the following core components: • Tactics, denoting short-term, tactical adversary goals during an attack; • Techniques, describing the means by which adversaries achieve tactical goals; • Sub-techniques, describing more specific means by which adversaries achieve tactical goals at a lower level than techniques; and • Documented adversary usage of techniques, their procedures, and other metadata. My concern is with MITRE's definition of "tactics" as "short-term, tactical adversary goals during an attack," which is oddly recursive. The key word in the tacti
Read more

New Book! The Best of TaoSecurity Blog, Volume 4

Image
  I've completed the TaoSecurity Blog book series . The new book is  The Best of TaoSecurity Blog, Volume 4: Beyond the Blog with Articles, Testimony, and Scholarship .  It's available now for Kindle , and I'm working on the print edition.  I'm running a 50% off promo on Volumes 1-3 on Kindle through midnight 20 April. Take advantage before the prices go back up. I described the new title thus: Go beyond TaoSecurity Blog with this new volume from author Richard Bejtlich. In the first three volumes of the series, Mr. Bejtlich selected and republished the very best entries from 18 years of writing and over 18 million blog views, along with commentaries and additional material.  In this title, Mr. Bejtlich collects material that has not been published elsewhere, including articles that are no longer available or are stored in assorted digital or physical archives. Volume 4 offers early white papers that Mr. Bejtlich wrote as a network defender, either for technical or pol
Read more