new collaborative network forensics tool for massive pcap libraries

I wanted to share with the NANOG community this likely interesting bit of
pcap wrangling technology that Mu announced yesterday. Here is the
announcement on the new network forensics application within

Collaborative Network Forensics

Mu Dynamics ( ) took the recently
published dataset by the *U.S. Army Information Technology & Operations
Center* ( ITOC <> ) from the “2009 Inter-Service
Academy Cyber Defense
as well as the *Schmoo Group’s* “Capture the Capture the
( CCTF ) dataset (for a grand total of *15.0 GBytes…26.3 million packets*),
and indexed them all to enable contextual search and instant access to
packets, not to mention Hacker-News/Twitter-style one-liners attached to
packets and searches for a community-oriented collaborative forensics

Check it out (read the blog, linked below, first):

- for the blog and
- for the online app


A brief background on pcapr:

It’s a web-based pcap repository (hence, pcapr) that has some powerful pcap
manipulation capabilities. The pcaps on pcapr are fully decoded and editable
and you can manipulate them in novel ways: You can identify and isolate or
decode streams, remove garbage from the pcap (i.e., extraneous packets from
protocols that you aren’t interested in), reorder packets, save subset or
modified pcaps without destroying the original, etc. All this happens at, which is open to the public.

If you can access the web, you can access the pcapr database and upload your
own local pcaps for analysis. All registered users can upload up to 5 pcaps
into a scratch space that is private to them. There are currently
*250* protocols represented on pcapr across over 1500 pcaps, in
addition to the
forensics application with its 26.3 million packets. Finally, a free
denial-of-service traffic generator is available on pcapr; you can turn any
packet you find on pcapr into a DoS template.

All the best,
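The pcap manipulations the post lists (decode the capture, isolate the streams of one protocol, drop the packets from protocols you don't care about, put packets back in timestamp order, and save the subset without touching the original) can be reproduced locally with nothing but the standard library. The following is an added example written for this page; it is not pcapr's code and says nothing about how Mu's service is built. It parses the classic libpcap file format (24-byte global header, 16-byte per-record header, microsecond timestamps), classifies each Ethernet/IPv4 frame by IP protocol number, and writes a fresh file. The sample capture `SAMPLE_PCAP` is constructed inline from hand-built frames (IP checksums deliberately left at zero), so nothing here is real traffic.

```python
import struct

PCAP_MAGIC = 0xA1B2C3D4        # microsecond-resolution libpcap magic number
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
IPPROTO_ICMP, IPPROTO_TCP, IPPROTO_UDP = 1, 6, 17
PROTO_NAMES = {IPPROTO_ICMP: "icmp", IPPROTO_TCP: "tcp", IPPROTO_UDP: "udp"}


def parse_pcap(data):
    """Decode a libpcap file into (link_type, [(ts_sec, ts_usec, frame), ...])."""
    magic = struct.unpack_from("<I", data, 0)[0]
    if magic == PCAP_MAGIC:
        end = "<"
    elif magic == 0xD4C3B2A1:           # same magic, written big-endian
        end = ">"
    else:
        raise ValueError("not a libpcap capture")
    # magic, major, minor, thiszone, sigfigs, snaplen, network
    link_type = struct.unpack_from(end + "IHHiIII", data, 0)[6]
    records, off = [], 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack_from(end + "IIII", data, off)
        off += 16
        frame = data[off:off + incl_len]
        if len(frame) != incl_len:
            raise ValueError("truncated record at offset %d" % off)
        records.append((ts_sec, ts_usec, frame))
        off += incl_len
    return link_type, records


def write_pcap(link_type, records, snaplen=65535):
    """Serialise records into a new little-endian libpcap file (version 2.4)."""
    out = [struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, link_type)]
    for ts_sec, ts_usec, frame in records:
        out.append(struct.pack("<IIII", ts_sec, ts_usec, len(frame), len(frame)))
        out.append(frame)
    return b"".join(out)


def ip_protocol(frame):
    """IPv4 protocol number of an Ethernet frame, or None if it is not IPv4."""
    if len(frame) < 34:                                  # 14-byte Ethernet + 20-byte IP minimum
        return None
    if struct.unpack_from("!H", frame, 12)[0] != ETHERTYPE_IPV4:
        return None
    if frame[14] >> 4 != 4:                              # IP version nibble
        return None
    return frame[14 + 9]                                 # protocol field of the IPv4 header


def isolate(data, keep):
    """Keep only frames whose IP protocol is in `keep`, restore timestamp order,
    and return a brand-new pcap. The input bytes are never modified."""
    link_type, records = parse_pcap(data)
    wanted = [r for r in records if ip_protocol(r[2]) in keep]
    wanted.sort(key=lambda r: (r[0], r[1]))
    return write_pcap(link_type, wanted)


def protocol_summary(data):
    """Count frames per protocol, the kind of index a pcap repository would keep."""
    counts = {}
    for _, _, frame in parse_pcap(data)[1]:
        name = PROTO_NAMES.get(ip_protocol(frame), "other")
        counts[name] = counts.get(name, 0) + 1
    return counts


# --- constructed sample traffic (hand-built frames, not a real capture) -----
def make_frame(proto, payload):
    """Minimal Ethernet/IPv4 frame; the IP checksum is left at 0 on purpose."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") \
        + struct.pack("!H", ETHERTYPE_IPV4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return eth + ip + payload


SAMPLE_PCAP = write_pcap(LINKTYPE_ETHERNET, [        # deliberately out of order
    (1256000002, 0, make_frame(IPPROTO_TCP, b"\x00\x50\x1f\x90" + b"\x00" * 16 + b"GET")),
    (1256000001, 0, make_frame(IPPROTO_UDP, b"\x00\x35\x00\x35\x00\x0c\x00\x00" + b"dns?")),
    (1256000003, 500, make_frame(IPPROTO_ICMP, b"\x08\x00" + b"\x00" * 6)),
    (1256000000, 0, make_frame(IPPROTO_TCP, b"\x1f\x90\x00\x50" + b"\x00" * 16 + b"SYN")),
])

if __name__ == "__main__":
    print(protocol_summary(SAMPLE_PCAP))                  # {'tcp': 2, 'udp': 1, 'icmp': 1}
    tcp_only = isolate(SAMPLE_PCAP, {IPPROTO_TCP})
    print([ts for ts, _, _ in parse_pcap(tcp_only)[1]])  # [1256000000, 1256000002]
```

Two practitioner notes: the parser refuses a record whose declared length runs past the end of the file rather than silently returning a short frame, which is how a corrupt or hostile pcap is most often noticed, and `isolate` builds its output from the decoded records rather than splicing bytes out of the input, so the original file stays intact exactly as the post describes. Replace `SAMPLE_PCAP` with `open("capture.pcap", "rb").read()` to run it on a real file; pcapng captures use a different container and are not handled here.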