Netzob supports the expert in reverse engineering, evaluation, and simulation of communication protocols. Its main goals are to help security evaluators assess the robustness of proprietary or unknown protocol implementations, simulate realistic communications to test third-party products (IDS, firewalls, etc.), and create an Open Source implementation of a proprietary or unknown protocol. Netzob provides a semi-automatic inference process, and includes everything necessary to passively learn the vocabulary of a protocol and actively infer its grammar. The learnt protocol can afterward be simulated. Netzob handles text protocols (like HTTP and IRC), fixed-field protocols (like IP and TCP), and variable-field protocols (like ASN.1-based formats).
Pkviz is a tool for plotting, cycling through, and animating a series of network packets captured by tcpdump. What makes it unique is that it visualizes the packets' structure, rather than labels or time. Pkviz takes each byte in a packet and plots it end-to-end, left-to-right, from the first byte to the last. How high each dot is plotted depends on the value of the byte: bytes with a value of 0 are at the bottom, and those with a value of 255 (0xff), the maximum value of a byte, are plotted at the top. This might not be interesting for one packet, but that changes when you start looking at thousands of packets. Pkviz can cycle through thousands of packets in the set so you can see what happened on the wire.