Interfaces
Argos provides a variety of input and output interfaces for protocol data input, device command output and raw or processed protocol data output. Each protocol can have multiple input sources and output destinations. Multiple protocols can run at the same time, performing offline or real-time analysis independently of each other. User-specific text or binary input and output formats can be defined using the XML protocol description language.
The functional architecture of the Argos protocol analyzer is presented in the next picture.
For protocol data input, binary or text log files, clipboard text content and binary or text input/output device plugins can be used. Both binary and text formats of the protocol data can be defined using the XML protocol definition language; these format definitions are called packetizers. Multiple input sources and formats can be defined for the same protocol, and they can be manually or automatically selected based on file name patterns.
The input data stream is analyzed by the current packetizer, and the PDUs it identifies are stored in memory and in log files. Each PDU is then analyzed according to the XML protocol definitions. The enabled PDU filters are applied to each PDU, and their outcome can be a drop, hide, mark or other operation.
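The pipeline described above (packetizer, PDU storage, filters) can be modelled in a few lines. This is an added example, not Argos code and not its XML definition language; the 2-byte length-prefixed framing, the message-type byte, the filter rules and all names are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Pdu:
    payload: bytes
    hidden: bool = False
    marked: bool = False

class LengthPrefixPacketizer:
    """Assumed framing: 2-byte big-endian length, then the payload."""
    def __init__(self, max_len=4096):
        self.buf = bytearray()
        self.max_len = max_len

    def feed(self, chunk):
        # Buffer one chunk of input and return the PDUs it completes.
        self.buf += chunk
        pdus = []
        while len(self.buf) >= 2:
            length = int.from_bytes(self.buf[:2], "big")
            if length > self.max_len:  # corrupt or hostile length field
                raise ValueError(f"PDU length {length} exceeds {self.max_len}")
            if len(self.buf) < 2 + length:
                break  # PDU continues in a later chunk
            pdus.append(Pdu(bytes(self.buf[2:2 + length])))
            del self.buf[:2 + length]
        return pdus

def apply_filters(pdu, filters):
    # Apply (predicate, action) filters in order; None means dropped.
    for predicate, action in filters:
        if predicate(pdu.payload):
            if action == "drop":
                return None
            setattr(pdu, {"hide": "hidden", "mark": "marked"}[action], True)
    return pdu

def run_pipeline(chunks, filters):
    packetizer, stored = LengthPrefixPacketizer(), []
    for chunk in chunks:
        for pdu in packetizer.feed(chunk):
            if apply_filters(pdu, filters) is not None:
                stored.append(pdu)
    return stored

# Constructed sample: the first payload byte is an assumed message type.
FILTERS = [(lambda p: p[:1] == b"\x00", "drop"),
           (lambda p: p[:1] == b"\x7f", "mark"),
           (lambda p: len(p) > 8, "hide")]
STREAM = b"\x00\x03\x01hi" + b"\x00\x01\x00" + b"\x00\x02\x7f\x01" + b"\x00\x0a\x02payload_9"
CHUNKS = [STREAM[:4], STREAM[4:9], STREAM[9:]]  # PDUs split across reads
```

The length check in feed() matters for real-time sources: without an upper bound, a single corrupted length field makes the packetizer buffer input indefinitely while waiting for a PDU that never completes.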
The analyzed PDU content is stored in the UI, from where the user can select PDUs for further post-processing, such as message sequence diagrams, view content export in simple or formatted text, PDU content saving in Argos proprietary binary format, PDU content export in user-definable text or binary format, PDU filter reports, selective view, search in view and PDU content, etc.
The input/output devices are loadable plugins which interface Argos with hardware or software IO devices, such as serial ports, Ethernet and IP interfaces, Telnet sessions or other custom devices. The device plugin API also provides an output interface through which commands can be sent to the hardware or software IO devices. Each device plugin can be defined as being text or binary mode.
Besides the protocol data presentation, a protocol document can have one or more command forms, one of them active at a time. The command form is completely user-definable through the XML protocol definition language, and it can contain edit, list-box, combo-box and button controls, and references to one or more input/output device plugins. When a button is pressed, the actual content of the UI controls can be formatted into a binary or text command and sent to a specified device.
The command form can also host ActiveX controls, which can receive the input PDUs in raw format, analyze them and emit commands towards the devices, autonomously.
Each device plugin has an associated input/output command window, where input protocol data information can be shown and user keystrokes are sent to the device. For example, in the case of the Telnet input/output device plugin, the command window acts as a terminal window: the data received from the Telnet server (e.g. a message monitoring dump on the terminal) is displayed in the window and also analyzed as protocol data; the user keystrokes are sent to the Telnet server. The command window can display the data in clear text, hexdump, summary or none. The protocol data can also be selected as being in clear text or hexdump format.
The Argos package provides an open API and example source code of already supported IO devices.
The current version of Argos provides the following input/output device plugins:
- COM - bidirectional, text mode, for handling input data and output commands on the serial ports of the computer.
- COMSpy - monodirectional (read-only), text mode, for monitoring bidirectional serial port traffic handled by other applications.
- EthCap - monodirectional, binary mode, for monitoring the Ethernet interface traffic. It uses the WinPcap utility.
- IPMon - monodirectional, binary mode, for monitoring the IP traffic of the computer.
- Telnet - bidirectional, text mode, for connecting to Telnet services on other computers.
- SSH - bidirectional, text mode, for connecting to SSH services on other computers.
- XMsgMon - bidirectional, binary mode, for real-time receiving and sending of internal and external messages of applications running on the same or different computers. It implements a simple handshake and transport protocol based on TCP/IP. The XMsgMonClient, in binary library and source code format for Windows/Linux, can be included into user applications.
- XSink - monodirectional, binary mode, a list of TCP server and UDP receiver endpoints, for easy internal and external message monitoring of applications running on computers in an IP network.
Argos provides a set of protocol data output channels, for raw data and analysis results. They are grouped in three categories:
- Logging and saving selected PDUs in Argos proprietary, binary log format. Each log file contains the protocol identifier, so opening the log file later automatically selects the right protocol. The logging can be configured for a period, a number of PDUs, or continuously. The log files can be split by size, time or number of PDUs. Disabling memory and UI storage, combined with log file splitting, allows long-term acquisition of protocol data.
- Export of selected or all PDUs in view in user-defined text or binary format. Using the XML protocol description language, any number of such exports can be defined.
- Export the view content of selected or all PDUs in view in simple or formatted text format, with column, hexdump and member tree info. The export can be targeted to file or clipboard.
In addition, the content of command, report and output windows can be logged to text files.