NetPlier is a tool for binary protocol reverse engineering. It takes network traces as input and infer the keywork by multiple sequence alignment and probabilistic inference. Please find the details in our paper: NETPLIER: Probabilistic Network Protocol Reverse Engineering from Message Traces.
- Install dependencies (python 3.6 or higher):
$ pip install -r requirements.txt
- Install
netzob
: https://github.com/netzob/netzob.git - Install
mafft
: https://mafft.cbrc.jp/alignment/software/
Run NetPlier with the following command:
$ python main.py -i INPUT_FILE_PATH -o OUTPUT_DIR -t PROTOCOL_TYPE [Other Options]
e.g.:
$ python netplier/main.py -i data/dhcp_100.pcap -o tmp/dhcp -t dhcp
Arguments:
-i
,--input
: the filepath of input trace (required)-o
,--output_dir
: the folder for output files (default:tmp/
)-t
,--type
: the type of the test protocol (for generating the ground truth)
currently it supportsdhcp
,dnp3
,icmp
,modbus
,ntp
,smb
,smb2
,tftp
,zeroaccess
-l
,--layer
: the layer of the protocol (default:5
)
for the network layer protocol (e.g.,icmp
), it should be3
-m
,--mafft
: the alignment mode of mafft, includingginsi
(default),linsi
,einsi
refer to mafft for detailed features of each mode-mt
,--multithread
: using multithreading for alignment (default:False
)