Marissa is a tool for protocol reverse engineerings and is part of my Bachelor's Thesis for the Telecommunications Engineering degree. It takes a previous network comunication as input and infer the messages by clustering and multiple sequence aligment.
- Clone the repository:
git clone /~https://github.com/pruizlezcano/MARISSA.git - Install dependencies:
poetry install - Download Clustal Omega and add it to your
PATH
- Prepare a
.pcapfile with the network communication you wish to analyze. - Run Marissa with the necessary options. Here's an example command:
protocol-inference --input yourfile.pcap -v --packet-length 1500 --packet-length-variance 100 --percent-equal 0.8 --header-length 20 --distance-algorithm ssdeep --cluster-algorithm optics--input,-iTEXT: The .pcap file to read. This option is required.--verbose,-v: Prints the output of the commands run by the script.--packet-length,-lINTEGER: The length of the packets to filter. If not specified, all packets are considered.--packet-length-variance,-pINTEGER: The variance in the length of the packets to filter.--percent-equal,-eFLOAT: The percentage of equal packets to consider for writting the result file. Accepts values between 0 and 1. Default is 1.--header-length,-hINTEGER: The length of the packet headers. This is used to ignore the headers in the analysis.--distance-algorithm,-d[tlsh|ssdeep|hamming]: The distance algorithm to use for comparing packet similarity. Default isssdeep.--cluster-algorithm,-c[optics|kmeans|kmeans_hierarchical]: The clustering algorithm to use. Default isoptics.--help: Show the help message and exit.
Licensed under the GNU GPLv3 license.