March 8th, 2010 by kowsik
We launched xtractr earlier this week for network forensics, troubleshooting and handling support escalations involving large packet captures. Just so you know, xtractr is a 4-tier app (more on that below) that combines the best of Web 2.0 with looking at packets in a new light. Looking beyond the “unleash the power of packets” message, I wanted to write a little bit about what’s under the hood and how we are using CouchDB-style Map/Reduce for uncovering all sorts of information inside large packet captures.
Posted in Wireshark, Testing, Studio, jQuery, CouchDB, pcapr
February 24th, 2010 by kowsik
So I was up early this morning and counting packets didn’t help. I was thinking of what we do here at Mu and how testing requirements have dramatically changed over the last few years. This blog is an ode (well it doesn’t rhyme) to the most awesomest testing product created by the Mu team.
Posted in Testing, Studio, pcapr
February 21st, 2010 by kowsik
At Mu, we deal with pcaps every day. We love Wireshark. We decode packets, work with protocols, auto generate test cases (functional to fuzz) from pcaps by analyzing the contents and just have incredible amounts of fun solving major problems for our customers. Yet when it comes to replicating field issues, most of our customers struggle with large pcaps and try to get a bird’s eye view of what’s in it to pinpoint the conversation or packet that triggered a bug. This takes hours if not days. With Mu Studio, it’s super easy to load a multi-protocol transaction and use it as the basis for testing - from functional to fuzz. But how do you find the suspicious transaction or conversation from the large pcap before you can test?
Posted in pcapr, Announcements
November 30th, 2009 by kowsik
As we approach the 1 year anniversary of pcapr, we were looking back to see how it has evolved. As a company that tests pretty much everything under the sun that has an IP stack, we deal with pcaps for all kinds of protocols. These pcaps were being littered around in public shares, wiki attachments, emails, internal mailing lists and blogs. Turns out we were not the only ones. The broader community and our customers were having similar problems. So it really started out as a way to organize a large collection of pcaps for us and the broader community. Hence the r in pcapr, which stands for repository. But thanks to the community feedback and contribution, pcapr has become a whole lot more than just a repository.
Posted in pcapr
November 5th, 2009 by kowsik
So a friend of mine installed solar in his house and he kept hearing voices in the backyard. Turns out his smart meter was using SIP to call back home and report various things. Okay, I was kidding, but there’s something to be said about this.
Posted in Testing, Studio
October 26th, 2009 by asmyczek
Are you looking for a quick, easy and flexible way to create JSON objects to test your JSON service? Or maybe a tool to mock server responses to test some JavaScript browser code? If so, you might be interested in Popcorn.
Popcorn is a JavaScript embedded DSL designed to generate any kind of JSON object. It comes with a basic set of generators for the most common JavaScript types, and combinators to build new generators for any kind of data. With Popcorn, thousands of test cases can be expressed in just a few lines of code, which makes it a great driver for data-driven test engines. Let’s go for a quick tour.
Posted in JavaScript, Tools
October 1st, 2009 by kowsik
Way back in grad school, I was working on a project involving Auralization. The key idea was that your ear can process multi-dimensional data (pitch, volume, instruments, silence, tempo, etc.) way better than your eyes can (try closing your eyes and listening to a Bach Fugue). So back then, we tried to take these types of data (stocks, sales reports, expenses, etc.) and created MIDI files out of them to understand trends. Ever since I saw Hans Rosling’s TED Talk, I’ve wondered about the applicability of this type of visualization to something other than economics.
Posted in CouchDB, UI, pcapr, Announcements, Ruby, Tools
September 27th, 2009 by kowsik
Just saw someone tweet about Python dissectors in Wireshark. Personally, I would’ve preferred a Ruby DSL that maps back to the internal libwireshark API in a way that makes writing dissectors incredibly easy. A couple of years ago, I presented “I see dead protocols” at CanSecWest and talked quite a bit about laziness, impatience and virtue. In the context of dissectors, I dug out some code that I wrote a while back that essentially converts a parser into a fuzzer. Let me explain.
Posted in Wireshark, Fuzzing, Ruby, Tools
August 23rd, 2009 by kowsik
If you’ve dealt with really large packet captures, you’ve probably tried to break things apart into smaller chunks just so you can figure out what’s actually in there. There are lots of command line tools out there that already do this. So it started out as an experiment to see if there’s a better, interactive, visual way to explore large pcaps and rapidly hone in on what you are looking for. With the recent release of large datasets from ITOC the need for this just became a whole lot more critical.
Posted in jQuery, CouchDB, pcapr, Announcements
August 10th, 2009 by nick
The Mu Dynamics Research Team released advisory “MU-200908-01” today. Details: MU-200908-01
Posted in Advisories