I am often asked where to find PCAP or PCAP-NG files so that folks can explore packet captures using Wireshark. I have always provided these resources in my Wireshark classes at the Online School, but thought I should also list them here for public consumption.
Before you click! One caution: some public repositories contain real malware samples or captures associated with malware activity. Netresec, for example, explicitly warns that some password-protected archives contain real malware, and Malware-Traffic-Analysis.net describes itself as a site for sharing PCAPs and malware samples. Use a disposable VM, do not replay unknown traffic on a production network, and avoid extracting files from PCAPs unless you know exactly what you are doing.
I always suggest starting here: our comprehensive PCAP file that has hundreds of protocols in it for learning, analysis, etc.: https://www.cellstream.com/download/our-comprehensive-pcap-file/
Furthermore, I have always said “Capture Every Day” as advice to my students and anyone looking to become a skilled Wireshark Analyst. The list below will help you get there.
Note: If you are looking for CTF (Capture the Flag) pcaps to challenge your analyst skills – I have a separate curated list of sources for these types of pcaps, which you will find here.
So here they are with a brief description for each.
| Source | Best for | Notes |
|---|---|---|
| CellStream Comprehensive PCAP | Protocol Study and Learning | Best first stop; it has hundreds of protocols. |
| Wireshark Sample Captures | Protocol study | It has many small captures organized by protocol: ARP, DHCP, DNS, TCP, SIP/RTP, Wi-Fi/802.11, IPv6, routing, SMB, TLS, industrial protocols, and many others. Wireshark describes these as “goodies” for people who want interesting packets to study after installing Wireshark. |
| Netresec Public PCAP Files | Master index of public PCAP sources | This is one of the most useful index pages because it points to protocol captures, forensics challenges, ICS/SCADA captures, malware traffic, CTF traffic, wireless traces, and large public datasets. |
| Malware-Traffic-Analysis.net | Security analysis practice – use caution | Excellent for learning incident-style traffic analysis. It provides traffic-analysis exercises, PCAPs, malware samples, tutorials, and workshop material. Use an isolated VM and do not casually extract or run payloads. |
| HONEYNET.ORG | Security related packet captures – use caution | You can challenge yourself – look for the pcap challenges here |
| Digital Corpora – Network Packet Dumps | Forensics scenarios and larger datasets | Includes scenario-based packet dumps, DEFCON CTF packet dumps, and a 5 GB TCP connection useful for testing TCP reassembly and large-file analysis. |
| Stratosphere / CTU-13 | Labeled malware/botnet traffic | Useful for IDS, botnet, ML, and flow-analysis practice. CTU-13 includes botnet, normal, and background traffic with PCAPs and flow data. |
| MAWI Traffic Archive | Internet backbone traces | Good for studying high-level Internet traffic patterns. MAWI publishes WIDE backbone traces and has daily traces going back many years, including current 2026 data. |
| Chris Sanders / Practical Packet Analysis captures | Training-style protocol examples | Netresec links to Chris Sanders’ public packet captures and the sample captures used with Practical Packet Analysis. These are good for structured Wireshark practice. |
| The Steven Karg Repository | Just a Software Engineer’s packet repository | Some interesting pcaps can be found here |
| The Ultimate pcap by Johannes Weber | Dozens of protocols for training/study | Used by many, this great collection of protocols in one capture file can be used for analysis and study. |
| Chappell University trace files | Wireshark training traces | Netresec also indexes Laura Chappell / Chappell University trace files and book supplement PCAP sets. Useful for classic Wireshark learning workflows. |
| PacketLife / archived captures | Network protocol examples | PacketLife historically had many protocol captures. The site, which many CCNA, CCNP, and CCIE folks counted on over the years, has shut down, but the link here uses the Wayback Machine to load the archived web site. |
For a broadband technician's or network engineer's learning path, I would start in this order:
- CellStream Comprehensive PCAP for the broadest all-in-one packet capture
- Wireshark Sample Captures for protocol basics: ARP, DHCP, DNS, TCP, ICMP, SIP/RTP, Wi-Fi, IPv6.
- Chris Sanders / Practical Packet Analysis captures for structured troubleshooting examples.
- Netresec index when you need specialized captures such as ICS, CTF, malware, VoIP, or wireless.
- Malware-Traffic-Analysis.net only after you are comfortable working safely in a lab VM.
- MAWI / Digital Corpora / CTU-13 when you want larger datasets, research-style analysis, or flow/IDS work.
Have I missed any?

Look up the hashtag “captureeveryday” on Twitter.

