NetPlier is a tool for binary protocol reverse engineering. It takes network traces as input and infers the keyword field by multiple sequence alignment and probabilistic inference. Please find the details in our paper: NETPLIER: Probabilistic Network Protocol Reverse Engineering from Message Traces.
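As an added illustration of the idea in the paragraph above (example code, not NetPlier's own code or anything from this repository), the Python script below infers a keyword field from a constructed message trace. Pairwise Needleman-Wunsch alignment stands in for MAFFT's multiple sequence alignment, and a simple similarity-contrast score (messages that share a keyword value should align well with each other, messages with different values should not) stands in for the probabilistic inference described in the paper. The toy protocol, the message bytes and the alignment weights are all constructed for this example; nothing here is taken from a real trace.

```python
"""Keyword-field inference from message traces (simplified illustration).

Added example, not NetPlier's code: pairwise Needleman-Wunsch alignment
stands in for multiple sequence alignment, and a similarity-contrast score
stands in for the probabilistic inference used by the tool.
"""
from collections import defaultdict
from itertools import combinations

# Constructed sample trace of a toy binary protocol: a constant magic byte,
# a message-type byte at offset 1, a sequence number at offsets 2-3 and a
# type-dependent body. Offset 1 is the keyword we expect to recover.
MESSAGES = [
    b"\xaa\x01\x00\x01\x05hello",             # type 1: request carrying a name
    b"\xaa\x01\x00\x02\x03foo",
    b"\xaa\x01\x00\x03\x06sensor",
    b"\xaa\x02\x00\x01\x00\x00\x00\x00\x2a",  # type 2: response, status + value
    b"\xaa\x02\x00\x02\x01\x00\x00\x00\x00",
    b"\xaa\x02\x00\x03\x00\x00\x00\x01\x00",
    b"\xaa\x03\x00\x04",                      # type 3: heartbeat
    b"\xaa\x03\x00\x05",
]


def align_score(a: bytes, b: bytes, match: int = 2, mismatch: int = -1,
                gap: int = -1) -> int:
    """Global (Needleman-Wunsch) alignment score of two byte strings."""
    n, m = len(a), len(b)
    prev = [j * gap for j in range(m + 1)]          # row 0: all gaps
    for i in range(1, n + 1):
        cur = [i * gap] + [0] * m                   # column 0: all gaps
        for j in range(1, m + 1):
            diag = prev[j - 1] + (match if a[i - 1] == b[j - 1] else mismatch)
            cur[j] = max(diag, prev[j] + gap, cur[j - 1] + gap)
        prev = cur
    return prev[m]


def similarity(a: bytes, b: bytes) -> float:
    """Alignment score normalised by the best achievable score (1.0 = identical)."""
    return align_score(a, b) / (2 * max(len(a), len(b)))


def score_candidates(messages):
    """Score every byte offset as a keyword candidate.

    Messages sharing a keyword value should look alike and messages with
    different keyword values should not, so the score is the mean
    within-group similarity minus the mean between-group similarity.
    Offsets that are constant across the trace, or that never put two
    messages into the same group (unique identifiers), are skipped.
    """
    sim = {}
    for i, j in combinations(range(len(messages)), 2):
        sim[(i, j)] = similarity(messages[i], messages[j])
    scores = {}
    for offset in range(min(len(m) for m in messages)):
        groups = defaultdict(list)
        for idx, msg in enumerate(messages):
            groups[msg[offset]].append(idx)
        if len(groups) < 2:
            continue
        group_of = {idx: v for v, idxs in groups.items() for idx in idxs}
        within = [s for (i, j), s in sim.items() if group_of[i] == group_of[j]]
        between = [s for (i, j), s in sim.items() if group_of[i] != group_of[j]]
        if not within:
            continue
        scores[offset] = sum(within) / len(within) - sum(between) / len(between)
    return scores


def infer_keyword_offset(messages) -> int:
    """Return the byte offset with the best keyword score."""
    scores = score_candidates(messages)
    return max(scores, key=scores.get)


if __name__ == "__main__":
    for off, sc in sorted(score_candidates(MESSAGES).items()):
        print(f"offset {off}: score {sc:+.3f}")
    print("inferred keyword offset:", infer_keyword_offset(MESSAGES))
```

On the constructed trace the magic byte (offset 0) and the high sequence byte (offset 2) are constant and dropped, the low sequence byte (offset 3) groups requests with their responses and scores poorly, and the type byte (offset 1) wins. Real traces need the multiple sequence alignment and the richer constraints the paper describes to cope with variable-length fields and noise; this script only shows the shape of the reasoning.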
Installation:
$ pip install -r requirements.txt

Dependencies:
- netzob: https://github.com/netzob/netzob.git
- mafft: https://mafft.cbrc.jp/alignment/software/

Run NetPlier with the following command:
$ python main.py -i INPUT_FILE_PATH -o OUTPUT_DIR -t PROTOCOL_TYPE [Other Options]
e.g.:
$ python netplier/main.py -i data/dhcp_100.pcap -o tmp/dhcp -t dhcp
Arguments:
- `-i`, `--input`: the filepath of the input trace (required)
- `-o`, `--output_dir`: the folder for output files (default: `tmp/`)
- `-t`, `--type`: the type of the test protocol (for generating the ground truth): `dhcp`, `dnp3`, `icmp`, `modbus`, `ntp`, `smb`, `smb2`, `tftp`, `zeroaccess`
- `-l`, `--layer`: the layer of the protocol (default: `5`); for `icmp`, it should be `3`
- `-m`, `--mafft`: the alignment mode of mafft, including `ginsi` (default), `linsi`, `einsi`
- `-mt`, `--multithread`: use multithreading for alignment (default: `False`)