I am a bit confused of the different notion of layer that is of interest and should be used and I have a feeling that this is not to get solved. Yet, I wanted to let you know about my issue, so that we might be able to solve it nonetheless :)
I want to dissect a layer 2 protocol and calculate the FMS. The protocol is the well-known ethernet protocol everyone is a fan of. While it is a layer 2 protocol, I used the flag -l 1 in my example, as netzob would try to actually parse this well known protocol that I want to parse with my own tool instead. But even though I already used a lower layer, I needed to hardcode an additional -1here because otherwise FMS would look at the wrong layer. The reason is - as far as I can see - that the notion of layer switched from OSI-Model layer to actually dissected protocols here. I saw something like eth:ethertype:ip:xxx for self.protocols. So the problem at this position of the code is that it is not clear what protocol we are actually looking at. While I do not know how to solve this general problem yet, I thought it might be worth mentioning here for discussion.
I am aware of the fact that this might be the very reason for the --relativeToIP flag, but this does not necessarily help here, I am afraid, does it? At least I got my problems to get it right for both notions of layer...
I am a bit confused of the different notion of layer that is of interest and should be used and I have a feeling that this is not to get solved. Yet, I wanted to let you know about my issue, so that we might be able to solve it nonetheless :)
I want to dissect a layer 2 protocol and calculate the FMS. The protocol is the well-known
ethernetprotocol everyone is a fan of. While it is a layer 2 protocol, I used the flag-l 1in my example, as netzob would try to actually parse this well known protocol that I want to parse with my own tool instead. But even though I already used a lower layer, I needed to hardcode an additional-1here because otherwise FMS would look at the wrong layer. The reason is - as far as I can see - that the notion of layer switched from OSI-Model layer to actually dissected protocols here. I saw something likeeth:ethertype:ip:xxxforself.protocols. So the problem at this position of the code is that it is not clear what protocol we are actually looking at. While I do not know how to solve this general problem yet, I thought it might be worth mentioning here for discussion.I am aware of the fact that this might be the very reason for the
--relativeToIPflag, but this does not necessarily help here, I am afraid, does it? At least I got my problems to get it right for both notions of layer...