OpenPacket.org: the challenge of a free, public packet capture repository

2008 
Launched in April 2008, OpenPacket.org has the mission of providing quality network traffic traces to researchers, analysts, and other members of the digital security community. Prior to OpenPacket.org there was no central repository of traces from which a student of network traffic could draw samples. Analysts can now visit OpenPacket.org, query the OpenPacket.org capture repo for matching traces, and download those packets in their original format (e.g., Libpcap). The analyst can process and analyze that traffic using tools of their choice, like Tcpdump, Snort, or Wireshark. Analysts who collect their own traffic can submit it to the OpenPacket.org database after they register. Anonymous users can download any trace that's published. Only registered users can upload. This system provides a level of accountability for trace uploads. Our moderators review each trace to ensure it does not contain any sensitive information that should not be posted publicly. Besides appearing on the site, once a trace has been published users receive notice of it via an RSS feed. Operating such a site presents many challenges, including deciding what to accept, how to try to anonymize traffic submissions, and how to host, organize, and offer traces of various complexities and natures. This talk will describe OpenPacket.org's background, operation since early 2008, and future.