7 things you didn’t know about pcapr

November 30th, 2009 by kowsik

As we approach the 1 year anniversary of pcapr, we were looking back to see how it has evolved. As a company that tests pretty much everything under the sun that has an IP stack, we deal with pcaps for all kinds of protocols. These pcaps were being littered around in public shares, wiki attachments, emails, internal mailing lists and blogs. Turns out we were not the only ones. The broader community and our customers were having similar problems. So it really started out as a way to organize a large collection of pcaps for us and the broader community. Hence the r in pcapr, which stands for repository. But thanks to the community feedback and contribution, pcapr has become a whole lot more than just a repository.

Hearing noises in your backyard?

November 5th, 2009 by kowsik

So a friend of mine installed solar in his house and he kept hearing voices in the backyard. Turns out his smart meter was using SIP to call back home and report various things. Okay, I was kidding, but there’s something to be said about this.

Popcorn - Data Driven Testing with JSON

October 26th, 2009 by asmyczek

Are you looking for a quick, easy and flexible way to create JSON objects to test your JSON service? Or maybe a tool to mock server responses to test some JavaScript browser code? If so, you might be interested in Popcorn.

Popcorn is a JavaScript embedded DSL designed to generate any kind of JSON object. It comes with a basic set of generators for most common JavaScript types, and combinators to build new generators for any kind of data. With Popcorn, thousands of test cases can be expressed in just a few lines of code, which makes it a great driver for data-driven test engines. Let’s go for a quick tour.

Multi-dimensional data visualization

October 1st, 2009 by kowsik

Way back in grad school, I was working on a project involving Auralization. The key idea was that your ear can process multi-dimensional data (pitch, volume, instruments, silence, tempo, etc.) way better than your eyes can (try closing your eyes and listening to a Bach Fugue). So back then, we tried to take these types of data (stocks, sales reports, expenses, etc.) and created MIDI files out of it to understand trends. Ever since I saw Hans Rosling’s TED Talk, I’ve wondered about the applicability of this type of visualization to something other than economics.

Wireshark, dissectors and fuzzers

September 27th, 2009 by kowsik

Just saw someone tweet about Python dissectors in Wireshark. Personally, I would’ve preferred a Ruby DSL that maps back to the internal libwireshark API in a way that makes writing dissectors incredibly easy. A couple of years ago, I presented “I see dead protocols” at CanSecWest and talked quite a bit about laziness, impatience and virtue. In the context of dissectors, I dug out some code that I wrote a while back that essentially converts a parser into a fuzzer. Let me explain.

Collaborative Network Forensics

August 23rd, 2009 by kowsik

If you’ve dealt with really large packet captures, you’ve probably tried to break things apart into smaller chunks just so you can figure out what’s actually in there. There are lots of command line tools out there that already do this. So it started out as an experiment to see if there’s a better, interactive, visual way to explore large pcaps and rapidly hone in on what you are looking for. With the recent release of large datasets from ITOC the need for this just became a whole lot more critical.

Multiple sscanf vulnerabilities in Asterisk

August 10th, 2009 by nick

The Mu Dynamics Research Team released advisory “MU-200908-01” today. Details: MU-200908-01

Fun with Ruby’s case/when statements

August 6th, 2009 by kowsik

Ruby’s case statements are pretty cool and more intuitive than their C and C++ counterparts. Each object in the when statement is expected to support the === operator, which is invoked with the object given in the case statement. This allows you to use Range, Regexp and other objects as long as they support the === operator.

Charlie and the Fuzzing Factory

July 30th, 2009 by kowsik

It’s cool that Charlie Miller fuzzed the iPhone and broke it, but the catch phrase for me was (paraphrased) “When I start the fuzzer, I want to get some sleep and when I wake up find tons of 0-days”. I remember watching the movie with my kids and it wasn’t that the factory made awesome chocolates, but the whole thing was automated with elves and such.

Large scale Ruby development with TDD

July 23rd, 2009 by kowsik

We use Ruby, a lot. Everything from one-off scripts to modeling protocols to building mutations to packaging these things on to the product and then some. We push the language features quite a bit with native C extensions, eigen classes, DSLs, method yanking, method redefinition, open classes, etc. We have parsers, code generators (that output C, Java, C++ or Ruby in some cases), document generators (that output wiki pages) all written in Ruby. The online help in the product is validated during build time and then aggregated into a set of HTML pages. Our 3rd generation protocol engine which powers all of our protocols and Studio has 2,323 Ruby files in trunk with a total of 215,621 lines of code!
