Netzob documentation

Netzob is an open source tool for reverse engineering, traffic generation and fuzzing of communication protocols. It can be used to infer the message format and the state machine of a protocol through passive and active processes. The model can afterward be used to simulate realistic and controllable trafic.

The main features of Netzob are:

Protocol Vocabulary Modeling and Inference
Netzob includes a complete model to represents the message format of a protocol (aka its vocabulary). Using specific algorithms, it allows to learn it from provided traces.
Protocol Grammar Modeling and Inference
The state machine of a protocol (aka its grammar) defines the valid sequences of exchanged messages. Netzob allows to learn it semi-automaticaly using specific algorithms.
Protocol Simulation
To support the inferring process, a dynamic analysis is perfomed based on simulated actors. These can initiate and take part in a complex communication following the infered protocol.

Contact information

Mailing list:Users, developers and announces lists are available, use the SYMPA web interface to register.
IRC:You can hang-out with us on Freenode’s IRC channel #netzob @
Wiki:Discuss strategy on Netzob’s wiki
Twitter:Follow Netzob’s official accounts (@Netzob)

Netzob Overview

Netzob has been initiated by security auditors of AMOSSYS and the CIDre research team of Supélec to address the reverse engineering of communication protocols. A detailed overview of the project is available here.


Get started with Netzob
The goal of this tutorial is to present the usage of each main component of Netzob (inference of message format, construction of the state machine and generation of traffic) through an undocumented protocol.
Modeling your Protocol with Netzob
This tutorial details the main features of Netzob’s protocol modeling aspects. It shows how your protocol fields can be described with Netzob’s language.
Auto-generation of Peach pit files/fuzzers
This tutorial shows how to take advantage of the Peach exporter plugin provided in Netzob to automatically generate Peach pit configuration files, thus allowing to do smart fuzzing on undocumented protocols.
Auto-generation of Wireshark dissectors
This tutorial shows how to leverage Netzob’ format message inference in order to automatically generate Wireshark dissectors for proprietary or undocumented protocols.