I originally wrote this post back in March ’06, but never posted it. Since then, I’ve been distracted with other tasks and openpacket.org has gone live. I’ve decided to post this now, because I’m tired of being lazy.
So for about 4 years now (6 years as of 2008), I’ve had the idea of building a public repository where people can share pcap files. And I’m not the only one with this idea. And based on people asking for it regularly on various email lists, there seems to be demand for it. But will it work?
There are some similarities between sharing music (which is quite popular) and pcaps:
- Most people will probably be lechers (will download files, but never upload any)
- While anyone can create music or pcaps, a smaller subset will do a good job of it
- You need some kind of database/rating system to categorize and track them
Legalities aside, what’s different between the two is that music sharing solves a distribution problem, while a public pcap repository solves a content problem. This means that if most people are lechers and there is a only a small group of potential talented contributors, how do you get these people motivated and turn the lechers into trained and motivated contributors?
There seems to be two primary kinds of contributors:
- Individuals (hobbyists and professionals) interested in networking
- Networking vendors (specifically those in the IDS/IPS/Firewall space)
There seems to be a number of individuals interested, but each of them tends to have limited amount of time. While they can probably be counted on doing maintenance work (rating, categorization, etc), it’s unlikely they can be counted on generating large quantities of pcaps.
Many vendors on the other hand already have large pcap libraries, but unlike individuals they are harder to motivate. Many of them aren’t interested in helping other people out for free, because they don’t see how it benefits them. So just how does it benefit them?
- Good will. This one is obvious. People want pcaps and so giving them what they want makes them happy. This makes them think the vendor is cool for helping them out and gives them a positive image of the company.
- Help set the standard. The fact is that people want these pcaps to test products that the vendors are selling. As everyone knows, when you define the test cases, you have a better chance of coming out on top.
- What comes around, goes around. When you release your pcaps, you encourage other organizations to do the same. When they open up, you benefit from their contribution.
Next, how to turn lechers into contributors…