Archive for pcapr

Ensuring the Accuracy of the Mu TestCloud Application Tests

In a previous blog I discussed how we had started to build out the test content for different kinds of applications across categories like P2P, video, chat and social media in our Mu TestCloud store. Fast-forward to today, and we’ve now got well over 2,000 tests, with coverage for hundreds of different apps. We’ve also got lots of customers who are actively using these ready-to-run tests for a wide range of use-cases – everything from verifying application detection signatures to validating application policies, as well as billing and charging.

But regardless of their domain, there are two common questions that customers are curious to understand:

1. How do we select the applications in the first place?
2. How do we ensure the accuracy of the tests?

So for this blog I’m going to give you a behind-the-scenes view into our test content creation process.

Announcing pcapr.Local

Since the launch of pcapr.net a few years ago, the packet-geek community has completely embraced it and extended it, and we are now at 60+ million packets on the cloud, serving enterprise IT folks, operators, government agencies and security/packet geeks. For those who seek specific packet samples, pcapr.net serves as a major reference with samples of 420+ protocols, full-text search and the automatic indexing and organization of pcaps. But…

Splits, handshakes and bananas

It doesn’t matter what business you are in, but #$*(‘ing with your customers by releasing advisories and threatening them into buying your product or services is just plain dumb. For those that are following the TCP-split-handshake epic #fail saga, I have to say, the vulnerability itself is a clever hack. By using double SYNs or simultaneous connections (which is incredibly rare and non-existent on most modern networks), one can trick firewalls and IPSes into not tracking state. This is reminiscent of the original classic Insertion, Evasion and Denial of Service, which covered a lot of ground on the pitfalls of deconstructing application state in real time based entirely on the packets that are flowing through.

Getting pcaps for your test cases

With Mu Studio, you can go from pcap to test creation in minutes. But how do you get the packet capture to start with?

iPhone, meet Wireshark – Capturing Traffic from Mobile Devices

I wanted to see what the apps on my iPhone do and as I searched around, most of the current methods seem to involve jail-breaking, setting up hubs and access points and other such cumbersome nastiness. Gotta be simpler than that. So we are releasing a simple libpcap tool that you can run on your Mac to intercept packets from any app on any mobile device. iPad, iPhone, Android are all fair game. Once you can capture, you can very easily fuzz and scale test with Mu Studio. More on that in a different blog.

MuSL – Interactive Application Protocol Fuzzing Playground

MuSL stands for Mu Scenario Language, a canonical Domain Specific Language that we use in Mu Studio to represent complex transactions between multiple hosts using multiple transports and layers. The language itself borrows constructs from numerous languages and was designed to be protocol friendly. We just published an interactive application protocol playground that shows off MuSL and how to use it for various types of testing including LTE, NoSQL, Databases, Layer2 and DPI.

Testing HTML5 Applications

There are two kinds of test tool vendors in the world. Those that count in binary and those that don’t. Okay, stale joke aside, there are those that test applications (like Mercury, now part of HP, IBM, etc.) and those that test the infrastructure (like IXIA, Spirent, etc.). Mu was founded on the premise that this boundary is blurring rapidly and there needs to be a new kind of testing solution that spans the layers between applications and infrastructures and looks at the service as a whole. As we look into the imminent future of HTML5 and the innovation in mobile and cloud apps, you can see this in play right now. And yet all these test tool vendors are lagging behind this brave new world.

Solving Ann’s Aurora Forensics Contest with xtractr

Had a little time to look into Ann’s Aurora, a forensic contest posted by SANS Digital Forensics. First of all, I’ve got to say, these contests are totally awesome as they give forensics investigators the opportunity to try out new ideas and build new tools to solve very real problems. The solution to this has already been published by @McGrewSecurity where he posted a new tool called pcapline.py. It’s a tool that carves out embedded content in pcaps amongst other things. Very slick.

CouchDB, DNS and Scaling the Cloud

Just got back from Interop where I was part of a panel that talked about cloud computing. We discussed a lot of interesting topics like migration, scaling, hybrid clouds and whatnot. NoSQL was definitely a discussion point since I personally believe you can’t talk about cloud without also talking about NoSQL.

The scaling part though got me thinking. The current approach for scaling any cloud app is to use your IaaS provider to just add more compute power and deal with it. I tend to think a little differently from this. xtractr on pcapr for example, uses a hybrid cloud model. You download a single binary that you use for indexing large packet captures. When you now want to search, extract, report on this, the application is delivered to your browser which then uses JSONP (until HTML5 is truly prevalent with cross-domain Ajax requests) to communicate to your instance of the xtractr. What this means is when you are busy crunching packets, the server load on pcapr is zero! Which implies infinite scaling, ‘cos the load is truly distributed across all of our users.

Net Neutrality, GPL, Packets and Privacy

Just read the net neutrality article on Comcast. I have mixed feelings about this and wanted to find out what you thought. There seems to be a fine line when data becomes information and directly affects corporations and fellow humans. What I don’t know, when looking at packets traversing the network as little bits of information, is where exactly that boundary lies.
