Learning network analysis can be a cumbersome process involving hours of analysis of packet captures. Skilled networking technicians will have an easier time spotting patterns, but it helps to have a social network of helpers.

 

That’s why IP testing services provider Mu Dynamics (News - Alert) launched its pcapr social networking forensics web site about one year ago. Pcapr holds a collection 55 million packets online, which is reportedly the largest collection of pcaps on the Web.

 

Plus, it’s received some serious praise from security networking professionals.

 

“You can view hundreds of examples from the filed and examine down to the packet level,” blogged Jeff Christman, a writer for Houston Linux and Security Technology Examiner. “Every protocol is covered and you can upload your own capture. A great feature is the social networking aspect of the site. You can upload packets and get feedback from other network security gurus.”

 

Mu Dynamics’ Adam Stein (News - Alert) said it is best described as “Flickr for packet captures,” where users can build customized open source test cases for use in the Mu Test Suite in hours, instead of weeks or months. 

As a company that tests pretty much everything under the sun that has an IP stack, Mu Dynamics deals with pcaps for all kinds of protocols.

According to a posting on Mu’s corporate blog, “these pcaps were being littered around in public shares, wiki attachments, e-mails, internal mailing lists and blogs.” This, in turn, inspired the site’s creation.

Because Mu and its customers were having similar problems, there was a growing need for a system that organized a large collection of pcaps. According to Mu, some of the key capabilities on pcapr include: 

* A collection of more than 310,000 packets, thanks to a standalone D/DoS Testing Network Applications generator that used a JSON configuration to model the transport, payload and pattern; 

* A private repository to upload, edit and manage the pcaps without the whole world knowing about it, into a “drafts” section. With “drafts,” each pcapr user gets to stash away up to five pcaps that are completely hush-hush. These don’t show up in the searches, allows the user to edit, rewrite and reorder packets and also delete these pcaps; 

* Cap’r Mak’r, a section that helps the user create pcaps from content. According to Mu, if you are testing DPI, firewall, IPS or a UTM, you often have to validate the content within protocols against your signatures. Cap’r Mak’r solves this problem by creating new pcaps from any type of content. In the last year, Mu has added SMTP and POP3 as wrapper protocols within which you can insert attachments and get new pcaps;

* A “Content Extraction” feature that allows users to unzip and inflate HTTP attachments with just a couple of clicks; 

* A field index that organizes the protocols, adds a description and name of the pcaps, and indexes all of the unique Wireshark fields within those packets. This means you can rapidly find a pcap with that specific field, according to Mu. 

*A Collaborative Network Forensics that indexes a large number of publicly available pcaps so that our users can browse through them, annotate interesting packets and do full-text search on all those packets.

In October, Mu Dynamics unveiled new testing capabilities for its Test Suite Solution to help customers meet key requirements of IP service testing regardless of their specific customer ecosystem – telecom, smart grid, mobile operator or even cloud computing.