The public repo does not ship third-party PCAP corpora, but MarlinSpike still supports local preset captures.

Public preset-library policy

The public repository does not bundle third-party PCAP corpora. That keeps redistribution clean and avoids shipping capture data the public project should not be republishing by default.

The same principle applies to public images: local corpora are for your own deployment or lab environment, not something the public site should imply is always included.

How to add local presets

The checked-in preset README gives a simple pattern:

• Create category folders under presets/.
• Add your own .pcap, .pcapng, or .cap files locally.
• Or upload those files later through the admin UI after deployment.

presets/
  site-a/
    baseline-shift-a.pcapng
  site-b/
    historian-incident.cap

Why those files stay local

The preset docs note that preset capture files are ignored by both .gitignore and .dockerignore. That means they are not committed and not baked into public images by default.

This is a useful operational split:

• The public repo stays clean and redistributable.
• Your private deployment can still keep a repeatable capture library for training, testing, or demos.
• Teams do not have to expose customer traffic or third-party data just to use the preset feature.

Alternative intake paths

You do not need a baked-in preset library to use MarlinSpike effectively. The project docs repeatedly position the main intake path as uploads or captures fed into the workbench during an engagement.

Use presets when you want a local reusable library. Use uploads when you want ad hoc field captures, incident files, or lab exports reviewed immediately.