I wanted to share with the NANOG community this likely interesting bit of pcap wrangling technology that Mu announced yesterday. Here is the announcement on the new network forensics application within pcapr<http://www.pcapr.net/> : Collaborative Network Forensics Mu Dynamics ( http://www.mudynamics.com/ ) took the recently published dataset by the *U.S. Army Information Technology & Operations Center* ( ITOC <http://www.itoc.usma.edu/> ) from the “2009 Inter-Service Academy Cyber Defense Competition<http://www.itoc.usma.edu/research/dataset/index.html>” as well as the *Schmoo Group’s* “Capture the Capture the Flag<http://cctf.shmoo.com/>” ( CCTF ) dataset (for a grand total of *15.0 GBytes…26.3 million packets*), and indexed them all to enable contextual search and instant access to packets, not to mention Hacker-News/Twitter-style one-liners attached to packets and searches for a community-oriented collaborative forensics application. Check it out (read the blog, linked below, first): - http://bit.ly/12I62D for the blog and - http://www.pcapr.net/forensics for the online app Enjoy! A brief background on pcapr: It’s a web-based pcap repository (hence, pcapr) that has some powerful pcap manipulation capabilities. The pcaps on pcapr are fully decoded and editable and you can manipulate them in novel ways: You can identify and isolate or decode streams, remove garbage from the pcap (i.e., extraneous packets from protocols that you aren’t interested in), reorder packets, save subset or modified pcaps without destroying the original, etc. All this happens at http://www.pcapr.net/, which is open to the public. If you can access the web, you can access the pcapr database and upload your own local pcaps for analysis. All registered users can upload up to 5 pcaps into a scratch space that is private to them. There are currently *250*protocols represented on pcapr across over 1500 pcaps, in addition to the forensics application with its 26.3 million packets. Finally, a free denial-of-service traffic generator is available on pcapr; you can turn any packet you find on pcapr into a DoS template. All the best, ~tom -- Thomas Maufer Mu Dynamics, Inc. Mu Line Blog: http://bit.ly/mu-line-blog * Dir., Tech. Mktg. Mu Labs Blog: http://bit.ly/mu-labs-blog * Solutions Architect Mu on twitter: http://bit.ly/mu-twitter Mu on YouTube: http://bit.ly/mu-youtube Mu on Facebook: http://bit.ly/mu-on-facebook Mu Community sign-up: http://bit.ly/mu-community-signup Got packets? Use pcapr: http://bit.ly/pcapr Email to Thomas Maufer: mailto: tmaufer@mudynamics.com