A communication protocol is like a language. A language is defined through:
A word of the vocabulary is called a symbol. A symbol represents an abstract view of a set of similar messages. Similar messages are messages that have the same semantics (for example, a TCP SYN message, an SMTP HELLO message, an ICMP ECHO REQUEST message, etc.).
A symbol is structured according to a format, which specifies a sequence of fields (like the IP format). A field can be split into sub-fields. For example, a payload is a field of a TCP message. Therefore, by defining a layer as a kind of payload (which is a specific field), we can retrieve the so-called Ethernet, IP, TCP and HTTP layers from a raw packet, each layer having its own vocabulary and grammar.
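The layering idea above, as an added example in plain Python (it is not Netzob code and does not use the Netzob API): each layer's format is a list of fields, the payload field is handed to the next layer, and the parsed message is mapped to a symbol. The frame bytes, the `FORMATS` and `NEXT_LAYER` tables and all function names are assumptions made for this illustration.

```python
import struct
# Constructed sample frame (made-up addresses, checksums left at zero).
FRAME = bytes.fromhex(
    "020000000002" "020000000001" "0800"          # Ethernet: dst, src, ethertype
    "4500002800010000400600000a0000010a000002"    # IPv4 header, protocol 6 (TCP)
    "3039005000000001000000005002200000000000")   # TCP 12345 -> 80, SYN flag set

# A format is an ordered sequence of fields: (struct layout, field names).
FORMATS = {
    "Ethernet": (">6s6sH", "dst src ethertype".split()),
    "IP": (">BBHHHBBH4s4s", "ver_ihl tos total_len id frag ttl proto checksum src dst".split()),
    "TCP": (">HHIIHHHH", "sport dport seq ack off_flags window checksum urgent".split()),
}
# The field value that selects which layer is carried in the payload field.
NEXT_LAYER = {("Ethernet", "ethertype", 0x0800): "IP", ("IP", "proto", 6): "TCP"}

def parse_layer(name, data):
    """Split data into the layer's fields; the rest becomes its payload field."""
    code, names = FORMATS[name]
    size = struct.calcsize(code)
    if len(data) < size:
        raise ValueError(f"truncated {name} header")
    fields = dict(zip(names, struct.unpack(code, data[:size])))
    if name == "IP":     # sub-field of ver_ihl: low nibble is the variable header length
        size, data = (fields["ver_ihl"] & 0x0F) * 4, data[:fields["total_len"]]
    elif name == "TCP":  # sub-fields of off_flags: data offset and flag bits
        size, fields["flags"] = (fields["off_flags"] >> 12) * 4, fields["off_flags"] & 0x1FF
    if size < struct.calcsize(code) or size > len(data):
        raise ValueError(f"bad {name} header length")
    fields["payload"] = data[size:]
    return fields

def parse_frame(frame):
    """Peel layers by treating each payload field as the next layer's message."""
    layers, name, data = [], "Ethernet", frame
    while name:
        fields = parse_layer(name, data)
        layers.append((name, fields))
        data = fields["payload"]
        name = next((nxt for (lay, key, val), nxt in NEXT_LAYER.items()
                     if lay == name and fields[key] == val), None)
    return layers

def symbol_of(layers):
    """Map a parsed message to an abstract symbol name (here: by TCP flags only)."""
    name, fields = layers[-1]
    is_syn = name == "TCP" and (fields["flags"] & 0x12) == 0x02
    return "TCP SYN" if is_syn else name + " (other)"
```
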
A field’s size can be fixed or variable. A field’s content can be static or dynamic. A field’s content can be basic (a 32-bit integer) or complex (an array). A field has four attributes:
A field’s content can be:
Netzob provides a framework for the semi-automated modeling (inference) of communication protocols, i.e. inferring their vocabulary and grammar.
[INCLUDE GRAPH]
All the functionalities of the framework are detailed in this chapter.