Coverage-guided fuzzing has proven highly effective in uncovering software vulnerabilities. However, many industrial systems cannot be instrumented or inspected due to security, legal, or operational constraints. In such settings, blackbox test generation remains the only viable testing strategy.

This paper presents a case study in collaboration with our industrial partner, Mettle Networks, where we were tasked with testing the protocol-handling subsystem of a virtualized packet processing engine without access to the source code or internal documentation. To overcome this constraint, we applied blackbox grammar inference techniques to reverse-engineer the input protocol accepted by the system, achieving an F1 score of 0.94 for the inferred protocol grammar. Our blackbox test campaign resulted in 33.6% code coverage, judged as as measured by Mettle Networks after the test campaign concluded.

We discuss our testing methodology and the practical challenges encountered. This case study highlights current limitations of automatic testing frameworks when deployed in blackbox industrial environments, and offers actionable insights for improving their effectiveness in such settings.