Archive for Wireshark

Ensuring the Accuracy of the Mu TestCloud Application Tests

In a previous blog I discussed how we had started to build out the test content for different kinds of applications across categories like P2P, video, chat and social media in our Mu TestCloud store. Fast-forward to today, and we’ve now got well over 2,000 tests, with coverage for hundreds of different apps. We’ve also got lots of customers who are actively using these ready-to-run tests for a wide range of use-cases – everything from verifying application detection signatures to validating application policies, as well as billing and charging.

But regardless of their domain, there are two common questions that customers are curious to understand:

1. How do we select the applications in the first place?
2. How do we ensure the accuracy of the tests?

So for this blog I’m going to give you a behind-the-scenes view into our test content creation process.


Announcing pcapr.Local

Since the launch of pcapr.net a few years ago, the packet-geek community has completely embraced it and extended it, and we are now at over 60 million packets in the cloud, serving enterprise IT folks, operators, government agencies and security/packet geeks. To those that seek specific packet samples, pcapr.net serves as a major reference with samples of over 420 protocols, full-text search and the automatic indexing and organization of pcaps. But…


iPhone, meet Wireshark – Capturing Traffic from Mobile Devices

I wanted to see what the apps on my iPhone do and as I searched around, most of the current methods seem to involve jail-breaking, setting up hubs and access points and other such cumbersome nastiness. Gotta be simpler than that. So we are releasing a simple libpcap tool that you can run on your Mac to intercept packets from any app on any mobile device. iPad, iPhone, Android are all fair game. Once you can capture, you can very easily fuzz and scale test with Mu Studio. More on that in a different blog.


MuSL for Application Protocol Fuzzing and Scale Testing – Introduction

So we’ve had this thing called MuSL (Mu Scenario Language) for more than a year now in the Mu Studio product. It’s the format of choice at Mu for modeling everything from layer 2 through 7 across a wide range of applications, everything from LTE (Long Term Evolution), databases, SCADA, Web applications and NoSQL to FCoE (Fibre Channel over Ethernet). Our customers use this for functional testing, fuzzing and most recently scale testing. This is the first of a series of blogs describing what MuSL is and how you can use a single description of a multi-host, multi-protocol, multi-transport transaction for everything from application fuzzing to scale testing.


Network forensics in IRB: xtractr Ruby gem

What started off as a way to fully unit test xtractr, turned out to be a Gem, literally. First xtractr, then nuggets and now a gem. You follow? Seriously though, we are happy to announce a Ruby gem for xtractr which takes all the goodness of Ruby and interacts RESTfully with xtractr for oh-so-fun packet mining and troubleshooting all from within IRB.


Using Map/Reduce for Network Forensics and Troubleshooting

We launched xtractr earlier this week for network forensics, troubleshooting and handling support escalations involving large packet captures. Just so you know, xtractr is a 4-tier app (more on that below) that combines the best of Web 2.0 with looking at packets in a new light. Looking beyond the “unleash the power of packets” message, I wanted to write a little bit about what’s under the hood and how we are using CouchDB-style Map/Reduce for uncovering all sorts of information inside large packet captures.


Wireshark, dissectors and fuzzers

Just saw someone tweet about Python dissectors in Wireshark. Personally, I would’ve preferred a Ruby DSL that maps back to the internal libwireshark API in a way that makes writing dissectors incredibly easy. A couple of years ago, I presented “I see dead protocols” at CanSecWest and talked quite a bit about laziness, impatience and virtue. In the context of dissectors, I dug out some code that I wrote a while back that essentially converts a parser into a fuzzer. Let me explain.
