MooseNet

MooseNet is app which allows to view pcap and pcapng trace files on your ios device. So you can have a look at them without the need to open your portable computer. The final goal is that is should also be able to decode all protocols.

Description

MooseNet is app which allows to view pcap and pcapng trace files on your ios device. So you can have a look at them without the need to open your portable computer. The final goal is that is should also be able to decode all protocols.

The decoding of the packets are done with the definitions of the netpdl. The definition are used at the moment as they can be found here
github.com/netgroup-polito/netbee

I want to say thank you for the work Fulvio Risso and Mario Baldi have done. In my opinion this is a very interesting way to decode network protocols and also makes sense that protocol know how and coding know how can be separated. The ultimate goal would be that a user could define its own protocol definitions and then add it to the app. At the moment the maturity of the app doesn’t allow this. At the moment I want to have a control which protocol definition are used to decode the protocols.

But I have seen several protocols where the definitions must be improved / corrected. Several important protocols are still not described and must be described in the netpdl language.

Support

Support Requests

For Support send an email to:

support@tmoose.ch

For you convenience there is now the function built in to zip the log files and sent them directly to the support email. But for this your device must be configured to allowing sending emails

Please provide the following informations

If in any case possible:
Send me the capture file and a description of the problem.
If this is not possible due to security concerns Could you reduce the size of the capture until you are able to pinpoint the problem to a packet and sent me the reduced pcap file. If this is not possible then sent me a description of the problem.

Crash of the application
Please state where it happened. If it always happen with the same file which you want to decode If it is possible can you sent the file to support@tmoose.ch
I will evaluate the file and store the culprit packet, the complete file I will delete afterwards. If this is not possible to sent me the file due to security concerns then could you please describe which protocols are in the file

Packet is not decoded correctly
Again if it is possible sent me the file and a description which information is incorrect or you would like to see differently.

Packet is not decoded at all.
Then send me the capture file and give a statement which packet you would like to be decoded.

You want that a protocol is supported:
Send my an email with the request. if you want to ensure that the request is done as fast as possible then it would be good if you could provide a description of the protocol in the netpdl language.
Please be aware if you do so, with providing me a netpdl description of a protocol you give the permission to forward it to the github directory of the netpdl

If there is other behaviour of the app which you want to change.
Please state the behaviour which doesn’t work or doesn’t work as expected.

If you want additional functionality please sent my a description of the requested functionality.
But in case I am not understanding your request you must expect some questions from me

FAQ

The app seems crashing a lot

I am sorry this shouldn’t happen, every crash I have seen should be eliminated. But the problem is that there a lot of different packets and it will always be packets which leads to an unexpected behaviour. To improve this I am depending on the feedback from you.

How I can add files the add button doesn’t do anything

Files can be added with the file sharing of ios. Please copy your capture files in anyway (icloud, email) to your ios device and then add the files to Moosenet.
The add button add files which were copied during the time the app is running in the capture directory.

Why I can’t make traces

That was and is still a goal to be able to it. But until now I am not aware of a possibility to it on an ios device. The reason for this is the security concern in the Sandbox where the application is running. Normally I would happy to take the possibility to make trace from the ethernet connection through the lightning connection. But still for this Apple would need to do allow allocation of a resource to a single sandbox, so that capturing of all ethernet traffic would be possible without root rights.

Why using the netpdl language

The idea behind using the netpdl language is that normally the protocol knowledge is by a network specialist and this one is not necessarily a specialist in coding. So this should enable network specialist to specific which information they need to be decoded and in which way. At the moment the xml definition of the protocols is still not accessible by them because of the maturity of the app.

Is the complete netpdl language implemented

No not the complete netpdl language is implemented especially the definition of tables and references is not done. The netpdl implementation will be enhanced if further protocols support or corrections of supported protocols will need the definitions

Where should I send my own netpdl protocol definitions

If you have defined them and you want to add it to the app you have sent them to support@tmoose.ch. I will include them in a following release of the app. It shouldn’t take more than a month. But this time estimation depend on the complexity of the protocol definition. If there are a lot of new functionality needed then it will take longer. Important that beside the protocol definition you also provide a sample trace so that I can test that the decoding is working properly.
As mentioned earlier if you provide me with protocol definitions then I will them forward to github.com/netgroup-polito/netbee

The app is slow decoding files

That is an issue and there is some room for improvements which will be looked into. But in every case it will always be slower than a native implementation of the decoding of the protocol. So you will to pay a small price for the ability to define easier you protocols.

Why is the pcapng not supported

Since Version 1.10.00 the pcapng file reading is supported.

Can I filter packets and save them as a new pcap file

At the moment MooseNet can only be used to read pcap files writing them is not supported

Will other platforms be supported

n the end it is the goal that all major platforms will be supported (android, windows, macOS and also linux). But this will depend on the cross portability of swift applications. So if you write a xml definition of a protocol you can use on your workstation in the office, on your portable computer or on other portable devices (mobile phones, tablets)