Protocol Analysis

Domain: protocol-analysis

Custom protocol analysis domain supporting protocol pattern definition, automatic field detection from hex payloads, state machine inference from captured messages, and Mermaid diagram visualization.

Profiles

  • full

Typical scenarios

  • Custom protocol pattern definition
  • Automatic field boundary detection from hex payloads
  • State machine inference from captured message sequences
  • Mermaid state diagram generation

Common combinations

  • network + protocol-analysis
  • encoding + protocol-analysis

Full tool list (20)

| Tool | Description |
| --- | --- |
| proto_define_pattern | Define a protocol pattern with delimiter, byte order, and field layout. |
| proto_auto_detect | Auto-detect a protocol pattern from one or more hex payload samples. |
| proto_infer_fields | Infer likely protocol fields from repeated hex payload samples. |
| proto_infer_state_machine | Infer a protocol state machine from captured message sequences. |
| proto_export_schema | Export a protocol pattern to a .proto-like schema definition. |
| proto_visualize_state | Generate a Mermaid state diagram from a protocol state machine definition. |
| payload_template_build | Build a deterministic payload from field definitions. |
| payload_mutate | Apply deterministic byte-level mutations to a hex payload. |
| ethernet_frame_build | Build a deterministic Ethernet II frame from source/destination MAC addresses, EtherType, and payload bytes. |
| arp_build | Build a deterministic ARP payload for Ethernet/IPv4. |
| raw_ip_packet_build | Build a deterministic IPv4 or IPv6 packet. |
| icmp_echo_build | Build a deterministic ICMPv4 echo request or reply payload with an automatically computed checksum. |
| checksum_apply | Apply a deterministic 16-bit Internet checksum across a payload slice, optionally zeroing and writing the checksum field back into the packet. |
| pcap_write | Write a compact classic PCAP file from deterministic packet byte records. |
| pcap_read | Read a classic PCAP file and return compact deterministic packet summaries. PCAPNG is intentionally not supported. |
| pcapng_write | Write a PCAPNG (pcap-ng) capture file from one or more interfaces and deterministic packet byte records. Emits a Section Header Block, an Interface Description Block per interface, and an Enhanced Packet Block per packet. |
| pcapng_read | Read a PCAPNG (pcap-ng) capture file and return structured Section/Interface/Packet blocks. Supports Section Header, Interface Description, Enhanced/Simple Packet, Name Resolution, and Interface Statistics blocks; unknown block types are surfaced as warnings. |
| proto_dissect_dns | Dissect a raw DNS payload (RFC 1035 + EDNS(0)) into header flags, questions, answers, authorities, and additionals with full compression-pointer handling and OPT pseudo-record decoding. |
| proto_dissect_http | Dissect a raw HTTP/1.x request or response payload (RFC 7230) into the start line, headers, and body. Unwinds chunked transfer-encoding and reports Content-Length / Content-Type / Content-Encoding hints. |
| proto_fingerprint | Identify protocol type from hex payload samples. |

Released under AGPL-3.0-only