Index of /publicDatasets/CTU-Normal-7

Name	Last modified	Size

Parent Directory		-
2013-12-17_capture1.biargus	2016-08-29 14:18	2.5M
2013-12-17_capture1.binetflow	2016-08-29 14:18	2.2M
2013-12-17_capture1.binetflow.labeled	2018-10-05 23:26	1.1M
2013-12-17_capture1.capinfos	2016-06-27 19:20	718
2013-12-17_capture1.dnstop	2016-06-27 19:20	18K
2013-12-17_capture1.html	2016-06-27 19:21	389K
2013-12-17_capture1.json	2016-06-27 19:21	34K
2013-12-17_capture1.passivedns	2016-06-27 19:20	99K
2013-12-17_capture1.pcap	2016-06-27 19:12	398M
2013-12-17_capture1.rrd	2014-09-12 11:50	8.0M
2013-12-17_capture1.weblogng	2016-06-27 19:20	5.9K
Binetflows-per-hour/	2016-10-10 14:48	-
README.html	2019-03-23 15:05	1.3K
README.md	2019-03-23 15:05	1.1K
bro/	2017-08-31 09:45	-
ralabel-filters.conf	2018-10-05 23:24	7.6K
ralabel.conf	2018-10-05 23:24	5.9K
suricata/	2019-03-23 14:41	-

Description

This is a normal P2P capture from a Linux Debian notebook in a home network. The goal of this capture is to help analyze the P2P traffic. (The computer was normal because we check it manually)
The capture started on 2013-12-17 at 23:09 hs
IP of the normal computer: 10.0.0.46
The actions of the normal computer were:
- Use the Deluge P2P program from Linux to download some large files.
- Navigate some web pages, including Twitter and YouTube.
- Use jabber.
All webpages accessed with a Chrome browser.
The traffic in the file is composed of all the packets coming to and from the machine and related packets from the router. The broadcast and multicast traffic was deleted, as well as the traffic from other hosts in the same network.

The program mtr is creating all those .in-addr.arpa DNS requests and is completely normal.

The P2P program was running for 1 hour before the capture started. At the beginning there is also a mtr sending ICMP packages to www.google.com

At some point some web pages open. And also the pidgin IM was used.