Analyzer Protocol Dissectors

Introduction

Analyzer 3.0 uses a new set of protocol dissectors that are based on the NetPDL specification. The NetPDL language aims at describing the fields that are present (or may be present, in case of optional fields) in each protocol header, and how protocols are linked together (i.e. protocol encapsulation).

This language is very powerful and it allows also to customize the visualization of each protocol in the Analyzer main window.

Modifying protocol dissectors is fairly simple; however, it requires some familiarity with the NetPDL language.

Analyzer 3.0 uses the protocol dissector engine implemented in the NetBee library for protocol decoding and visualization. This library (external to Analyzer) is devoted to decode and parse packets in order to print them properly into an external software.

Analyzer and NetPDL

Analyzer makes use of protocol definition files according to the NetPDL language. You can see the files that define protocol dissectors (i.e. NetPDL files) in the following folder:

   conf/NetPDL/*.xml

In case you are interested in updating the NetPDL specification, please follow these steps: