FMS calculation only done for one message in a symbol #15

Open
techge opened this issue Aug 6, 2021 · 1 comment

techge commented Aug 6, 2021

Using the dissectorMatcher, or to be more specific, while trying to calculate the FMS over a symbol, I only get one single message calculated. I found it to be connected to this code called by this function. The problem here is that no actual list is constructed; instead, only one entry for the first message is submitted. I began trying to fix this issue but ran into follow-up issues. This is why I wanted to note it here first, to see if there is a quick fix I am not aware of...

skleber added a commit that referenced this issue Oct 16, 2022
* python-package:
  fix little endian labels
  libpcap fixes #15
skleber added a commit that referenced this issue Oct 16, 2022
* awdl:
  fix little endian labels
  folders segmenter specific
  prepare nemeftr-clustering eval
  update eval scripts
  libpcap fixes #15
skleber added a commit that referenced this issue Oct 16, 2022
    clean up eval scripts
    add cluster size check
    fix of a number of typos
    fix dhcp.secs type. closes #28
    fix segment match calculation for templates, closes #29
    fix cluster labels with 0 values
    a bit of code cleanup
    some default imports for nemere package
    fix element length tests
    fix type hints and toTikz return
    make eps statistics part of plots
    fix distance plot labels
    small fixes
    fix groundtruth
    fix support for empty (None) labels in DistancesPlotter
    fix disproportional axes in distance plots
    use internal figure instance
    assert input parameters of plotManifoldDistances
    fall back to scapy on pcapy error
    fix minor wlan parser inaccuracies
    consolidate labels for large topology plots
    fix DistanceCalculator cache file name
    fix nemetyl eval script
    multi-process
    add more wlan.mgt fields and workarounds for faulty dissectors of vendor extensions
    add print of pcap in process
    fix double protocol import in message parser and add workaround for faulty value representation (non-conformance to 2-byte-hex)
    match regexes of field nodes in the json which should be descended into
    redesign of ParsingConstants class hierarchy
    all known l2/le protos in eval scripts
    fix #7
    append terminal log of netzob-fms
    prepare layer select in netzob-fms
    best similarity thresholds
    refactor class hierarchy of nemere.visualization.simplePrint.SegmentPrinter
    enumerate symbol names in symbolsFromSegments
    TypeIdentificationByAlignment in nemetyl main scripts
    encapsulate the whole NEMETYL process in TypeIdentificationByAlignment
    replace parameter comparator by specimens
    Introduce SegmentPrinter and clean up related code
    centrally provide analyzer conversion in MessageAnalyzer.convertAnalyzers
    different placement of text in empty ax
    consolidate labels in distance plot of tft and make plot of segment values optional
    introduce ComparingPrinter and AbstractDissectorMatcher
    report detail improvements
    libpcap fixes #15
    fail graciously if no spd-say is available
    improve clustered symbol CSV format
    message type discriminator search utils
    check plot toolbar before update
    reorganize input
    cleanup cluster report writing
    nemetyl main script: use CachedDistances, StartupFilecheck
    enhanced tikz output
    refactor cacheAndLoadDC to a class
    pin empty cache and reports folders
    fully integrated dynamic protocol importing
    introduce watchdog for Netzob message parsing
    comments on tshark timeout
    increase timeout to wait for tshark output
    + networkx in requirements
    pcapy linktype conversion
    bugfixes and features about dot11 import, eval script improvements, tshark 3 support
    fix length check and dummy segments
    add interactive switch
    evaluation script for netzob output measured in FMS
    test Netzob compatibility
    overlapping test independent of class
    Target layer selection parameters consolidated
    add check for non-negative lengths in segments
    ensure tuples. closes #14
    started support for tshark version 3.x
    Integrate ScaPyCAPimporter into specimen loader

skleber commented Jan 21, 2024

The proposed PR does not fix this, unfortunately.
With its parameter tformat set to None, as currently always is the case,
nemere.validation.dissectorMatcher.DissectorMatcher._inferredandtrueFieldEnds
returns always only the FMS for the first message of the symbol.

The clean solution will be to replace all usages of DissectorMatcher by BaseDissectorMatcher and get rid of Netzob Symbol parsing altogether.

skleber reopened this Jan 21, 2024