(in progress).
Help us: if you have a question, please contact us through the mailing list or the IRC channel.
Q&A sessions will expand this FAQ and help others.
A Netzob plugin (XMLImporter) lets you import messages described in an XML format.
To be more specific, the code in charge of XML parsing during import is located in XMLImporter.py and uses the parsing entry-point method AbstractMessageFactory.loadFromXML().
Your XML file must describe a set of <message> elements, each of which has to comply with the XSD definition located in common.xsd.
Several predefined formats are available, such as file messages (FileMessage), IPC messages (IPCMessage), IRP messages (IRPMessage) and network messages (L2NetworkMessage, L3NetworkMessage, L4NetworkMessage). If you can't find what you need, you can also use the RawMessage format.
For example, a simple trace of IP messages could be described by a set of L3NetworkMessage:
...
<netzob-common:message xmlns:netzob-common="https://netzob.org/common"
                       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                       id="f4e93847-e107-4c62-aa72-5616d05162b3"
                       timestamp="1355305513.97"
                       xsi:type="netzob-common:L3NetworkMessage">
    <netzob-common:data>040f138b2cd22611020ef84450117cbd4aea0000</netzob-common:data>
    <netzob-common:l2Protocol>Ethernet</netzob-common:l2Protocol>
    <netzob-common:l2SourceAddress>08:00:27:e5:f6:e6</netzob-common:l2SourceAddress>
    <netzob-common:l2DestinationAddress>00:60:34:01:da:34</netzob-common:l2DestinationAddress>
    <netzob-common:l3Protocol>IP</netzob-common:l3Protocol>
    <netzob-common:l3SourceAddress>192.168.1.5</netzob-common:l3SourceAddress>
    <netzob-common:l3DestinationAddress>192.168.1.6</netzob-common:l3DestinationAddress>
</netzob-common:message>
...
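One way to produce such a file from your own captures, as an added example that is not part of Netzob or of the original FAQ: it builds L3NetworkMessage elements with the namespace, attributes and child order of the sample above. The wrapper element name "messages", the helper names and the second packet are assumptions; the sample above elides the enclosing element.

```python
import uuid
import xml.etree.ElementTree as ET

NS = "https://netzob.org/common"  # namespace URI taken from the sample above
XSI = "http://www.w3.org/2001/XMLSchema-instance"
ET.register_namespace("netzob-common", NS)
ET.register_namespace("xsi", XSI)

# Child elements, in the order used by the L3NetworkMessage sample.
L3_FIELDS = ("l2Protocol", "l2SourceAddress", "l2DestinationAddress",
             "l3Protocol", "l3SourceAddress", "l3DestinationAddress")

# Constructed sample input: the first payload is the one from the FAQ sample,
# the second packet is made up for illustration.
SAMPLE_PACKETS = [
    dict(payload=bytes.fromhex("040f138b2cd22611020ef84450117cbd4aea0000"),
         timestamp=1355305513.97, l2Protocol="Ethernet",
         l2SourceAddress="08:00:27:e5:f6:e6", l2DestinationAddress="00:60:34:01:da:34",
         l3Protocol="IP", l3SourceAddress="192.168.1.5", l3DestinationAddress="192.168.1.6"),
    dict(payload=b"\x01\x02\x03\x04",
         timestamp=1355305514.02, l2Protocol="Ethernet",
         l2SourceAddress="00:60:34:01:da:34", l2DestinationAddress="08:00:27:e5:f6:e6",
         l3Protocol="IP", l3SourceAddress="192.168.1.6", l3DestinationAddress="192.168.1.5"),
]


def build_l3_message(payload: bytes, timestamp: float, **fields: str) -> ET.Element:
    """Return one message element typed as L3NetworkMessage (hypothetical helper)."""
    missing = [name for name in L3_FIELDS if name not in fields]
    if missing:
        raise ValueError("missing fields: " + ", ".join(missing))
    msg = ET.Element(f"{{{NS}}}message", {
        "id": str(uuid.uuid4()),            # fresh UUID per message, as in the sample
        "timestamp": repr(timestamp),       # epoch seconds, as in the sample
        f"{{{XSI}}}type": "netzob-common:L3NetworkMessage",
    })
    # The payload is stored as a lowercase hex string, as in the sample.
    ET.SubElement(msg, f"{{{NS}}}data").text = payload.hex()
    for name in L3_FIELDS:
        ET.SubElement(msg, f"{{{NS}}}{name}").text = fields[name]
    return msg


def build_trace(packets) -> str:
    """Serialize all packets under one root element and return the XML text."""
    # ASSUMPTION: the wrapper is named "messages"; check common.xsd for the real one.
    root = ET.Element(f"{{{NS}}}messages")
    for pkt in packets:
        root.append(build_l3_message(**pkt))
    return ET.tostring(root, encoding="unicode")
```

Validate the generated file against common.xsd before importing it, since the standard library used here does not perform XSD validation.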