I wanted to see what the apps on my iPhone do and as I searched around, most of the current methods seem to involve jail-breaking, setting up hubs and access points and other such cumbersome nastiness. Gotta be simpler than that. So we are releasing a simple libpcap tool that you can run on your Mac to intercept packets from any app on any mobile device. iPad, iPhone, Android are all fair game. Once you can capture, you can very easily fuzz and scale test with Mu Studio. More on that in a different blog.
Archive for Announcements
MuSL – Interactive Application Protocol Fuzzing Playground
MuSL stands for Mu Scenario Language, a canonical canonical Domain Specific Language that we use in Mu Studio to represent complex transactions between multiple hosts using multiple transports and layers. The language itself borrows constructs from numerous languages and was designed to be protocol friendly. We just published an interactive application protocol playground that shows off MuSL and how to use it for various types of testing including LTE, NoSQL, Databases, Layer2 and DPI.
MuSL for Application Protocol Fuzzing and Scale Testing – Introduction
So we’ve had this thing called MuSL (Mu Scenario Language) for more than a year now in the Mu Studio product. It’s the format of choice at Mu for modeling everything from layer 2 through 7 across a wide range of applications, everything from LTE (Long Term Evolution), Databases, SCADA, Web applications, NoSQL to FCoE (Fiber Channel over Ethernet). Our customers use this for Functional Testing, Fuzzing and most recently Scale Testing. This is the first of a series of blogs describing what MuSL is and how you can use a single description of a multi-host, multi-protocol, multi-transport transaction for Application Fuzzing to Scale Testing.
Evolution of Testing (redux)
This is fun. In the last few blogs I’ve talked a lot about how cloud and mobile apps are changing everything. Okay, that should be Changing. Everything. Again. But while HP, IBM and CA are busy solving the challenges of Enterprise Apps and IXIA and Spirent are busy pushing gobs of packets around, the cloud and mobile apps are just exploding. This is the NoSQL movement, HTML5, H.264 videos in your browser, spanking new iPhone and Android apps every day and so on. This short video below summarizes the challenges of testing the world that’s changing around us.
Why NoSQL is bad for startups
We launched pcapr over a year ago now with just a few of us working part time to build and manage the site. pcapr is powered by CouchDB, a NoSQL database written in Erlang with JavaScript as the primary query language. Frankly, this has been a disaster. We are planning on rebuilding the site with Java, Hibernate and MySQL for a number of reasons.
Network forensics in IRB: xtractr Ruby gem
What started off as a way to fully unit test xtractr, turned out to be a Gem, literally. First xtractr, then nuggets and now a gem. You follow? Seriously though, we are happy to announce a Ruby gem for xtractr which takes all the goodness of Ruby and interacts RESTfully with xtractr for oh-so-fun packet mining and troubleshooting all from within IRB.
Announcing xtractr – unleash the power of packets
At Mu, we deal with pcaps every day. We love Wireshark. We decode packets, work with protocols, auto generate test cases (functional to fuzz) from pcaps by analyzing the contents and just have incredible amounts of fun solving major problems for our customers. Yet when it comes to replicating field issues, most of our customers struggle with large pcaps and try to get a bird’s eye view of what’s in it to pinpoint the conversation or packet that triggered a bug. This takes hours if not days. With Mu Studio, it’s super easy to load a multi-protocol transaction and use it as the basis for testing – from functional to fuzz. But how do you find the suspicious transaction or conversation from the large pcap before you can test?
Multi-dimensional data visualization
Way back in grad school, I was working on a project involving Auralization. The key idea was that your ear can process multi-dimensional data (pitch, volume, instruments, silence, tempo, etc) way better than your eyes can (try closing your eyes and listening to a Bach Fugue). So back then, we tried to take these types of data (stocks, sales reports, expenses, etc) and created MIDI files out of it to understand trends. Ever since I saw the Hans Rosling’s TED Talk I’ve wondered the applicability of this type of visualization on something other than economics.
Collaborative Network Forensics
If you’ve dealt with really large packet captures, you’ve probably tried to break things apart into smaller chunks just so you can figure out what’s actually in there. There are lots of command line tools out there that already do this. So it started out as an experiment to see if there’s a better, interactive, visual way to explore large pcaps and rapidly hone in on what you are looking for. With the recent release of large datasets from ITOC the need for this just became a whole lot more critical.
Rock climbing software problems
This one goes to Brian who got me back to climbing after all these years.
I used to rock climb a lot. It’s one of the few sports I cherished for the longest time before I ran out of time to focus on it. There are striking similarities between rock climbing and writing software and analytical thinking to reduce problems to its bare essence. Yes, I’ve climbed the Cathedral Peak and Royal Arches with lots of unexpected happenings, inspite of the training.
