Announcing xtractr - unleash the power of packets
At Mu, we deal with pcaps every day. We love Wireshark. We decode packets, work with protocols, auto generate test cases (functional to fuzz) from pcaps by analyzing the contents and just have incredible amounts of fun solving major problems for our customers. Yet when it comes to replicating field issues, most of our customers struggle with large pcaps and try to get a bird’s eye view of what’s in it to pinpoint the conversation or packet that triggered a bug. This takes hours if not days. With Mu Studio, it’s super easy to load a multi-protocol transaction and use it as the basis for testing - from functional to fuzz. But how do you find the suspicious transaction or conversation from the large pcap before you can test?
Background
Network forensics and troubleshooting are nothing new. Ever since the first packet was generated on a network, people have tried to make sense of packets. Yet they are constantly stitching together tools with serious command-line kung fu to get the job done. Take a look at some of these use cases:
- Cisco Blog: Finding a needle in a pcap
- Nanog Thread: DNS Query Analyzer
- Network Forensics Puzzles: Ann’s Bad AIM
- ISC Diary: Tools for extracting files from pcaps
The one use case that’s not blogged about that much is that of network operations and support folks trying to reproduce a bug from their customer, when all they have is a large pcap.
Announcing xtractr
xtractr is a collaborative cloud app for indexing, searching, extracting and reporting on pcaps. The lite version can index up to 2.5 million packets and 250 MBytes of pcaps. We understand the sensitivity of packets (usernames, passwords, IPs, etc.), so the xtractr index stays local to you on your machine. The analytics and collaboration, however, are hosted on pcapr and run in your web browser.
Here’s a quick introduction to xtractr:
Get started with xtractr!
March 18th, 2010 at 10:51 am