Communication protocols can be found is every parts of a system, as shown on the following picture:
Netzob can handle multiple kinds of input data. Hence, you can analyze network traffic, IPC communications, files structures, etc.
Import can either be done by using a dedicated captor or by providing already captured messages in a specific format.
Current accepted formats are:
Current supported captors are:
Imported messages are manipulated by Netzob through specific Python objects which contains metadata that describes contextual parameters (timestamp or even IP source/destination for example). All the Python object that describe messages derived from an abstract object : AbstractMessage.
The next part of this section details the composition of each message object.
All the messages inherits from this definition and therefore has the following parameters :
A network message is defined with the following parameters :
Definition of a NetworkMessage :
A file message is defined with the following parameters :
Definition of a NetworkMessage :
Definition of the factory for XML processing of a FileMessage :