For the last couple of years, I captured many different network and upper-layer protocols and published the pcaps along with some information and Wireshark screenshot on this blog. However, it some…

For the last couple of years, I captured many different network and upper-layer protocols and published the pcaps along with some information and Wireshark screenshot on this blog. However, it some…

For the last couple of years, I captured many different network and upper-layer protocols and published the pcaps along with some information and Wireshark screenshot on this blog. However, it sometimes takes me some time to find the correct pcap when I am searching for a concrete protocol example. There are way too many pcaps out there.
This is supposed to change now:
All previous pcaps can be found on my blog by following the pcap tag: https://weberblog.net/tag/pcap/, while all Wireshark related posts (showing screenshots and use-cases) are behind the Wireshark tag: https://weberblog.net/tag/wireshark/.
Download the Ultimate PCAP
Download it, 7zipped, 4 MB:
Side note: Since the packets are captured over many years (at least 2014-2020), your “time” and “delta time” columns will display odd values. 😉 Side note 2: As I will add more packets to the pcap, the frame numbers will change in the future.
What’s in there?
Layer 2 Protocols

  • ARP (request, reply, gratuitous)
  • CDP
  • DTP
  • LACP
  • LLDP
  • LOOP
  • PPP (PPPoED, LCP, IPCP, IPV6CP)
  • STP
  • UDLD
  • VTP

Layer 4 Protocols that are *not* TCP/UDP

  • 6in4 [Wireshark display filter:
    ip.proto == 41]
  • AH v6 (IPv6 extension header number 51, used by OSPFv3)
  • EIGRP v6/v4
  • ESP v6/v4 (IPv6 extension header number 50)
  • GRE v4 (tunneling v6 and v4)
  • ICMPv6 (RS, RA w/ RDNSS and DNSSL, NS, NA, DAD, MLD with hop-by-hop extension header (number 0), ping, destination unreachables,
  • packet too big
    , time exceeded)

  • ICMPv4 (ping, timestamp, destination unreachable, time-to-live exceeded)
  • IGMP (v1, v3)
  • OSPFv2 for IPv4 (MD5 authentication)
  • OSPFv3 for IPv6 (plain & authentication via IPsec authentication header AH)

Upper Layer Protocols based on TCP/UDP

  • BGP v6/v4 (MD5 authentication)
  • DHCPv6 (
  • stateful
    , stateless, prefix delegation)

  • DHCPv4 (DORA, NAK)
  • DNS v4/v6 (tons of RRs, UDP, TCP, fragmentation, DNSSEC validation, SERVFAIL, NXDOMAIN, ENDS(0) client subnet, EDNS(0) cookie, mDNS, dynamic update, zone change notification, IXFR, AXFR, TSIG)
  • HRSP v6/v4
  • HTTP v6/v4
  • HTTP-Proxy v4
  • HTTPS aka TLS v6/v4
  • IKEv1 v6/v4 (aggressive mode, main mode) [Wireshark display filter:
    isakmp]
  • IKEv2 v6 [Wireshark display filter:
    isakmp]
  • IMAP v6
  • IP SLA v4
  • NetFlow v6
  • NTP v6/v4 (basic client-server, symmetric, control, authentication w/ md5 and sha-1 and nak, NTS with TLS 1.3)
  • RIP for IPv4
  • RIPng for IPv6
  • RTP v4 (VoIP calls)
  • SIP v4 (VoIP calls)
  • SMTP v6/v4 (with and without STARTTLS)
  • SNMPv2c v6
  • SSDP v4
  • SSH v6/v4
  • Syslog v6/v4
  • Telnet v6
  • TFTP v4
  • WHOIS v6/v4

Miscellaneous

  • Apple AirPlay v4
  • IP fragments (sourced by DNS over UDP)
  • IPv6 fragments (aka fragment header (44), sourced by DNS over UDP)
  • TCP fragmented segments
  • Traceroute (aka TTL trick via echo-request & TCP port 25) v6/v4
  • TLS v6/v4 (1.2, 1.3)
  • VLAN tagging
  • VoIP Calls v4

What’s still missing?
The following protocols and packet types are still missing.

  • 4in6
  • EAPOL
  • GLBP
  • IPv6 extension headers: routing (43), destination options (60), mobility (135)
  • LDAP
  • MST
  • PAgP
  • RADIUS
  • RMCP+/IPMI
  • SNMPv3
  • TACACS+
  • TCP details & flags
  • VRRP
  • Ethernet Jumbo Frames

God bless!

Share