Dshell Developer Guide

Abstract

This report is a guide to plugin development for the decoder-shell (Dshell) framework. It provides basic examples, core function and class definitions, and an overview of data flow, so that end users can develop new, custom plugins and modify existing ones. Dshell is an open-source, Python-based network forensic analysis framework developed by the US Army Combat Capabilities Development Command Army Research Laboratory. It is a modular and flexible framework that includes over 40 plugins for analyzing and decoding network traffic across a variety of network protocols. Dshell plugins are designed to aid in understanding network traffic and to present results to the user concisely via a command-line interface. Dshell can be used out of the box for simple and advanced analyses, or customized to fit an end user's needs. Custom Dshell plugins can be developed to parse and analyze unique network protocols and data, such as traffic generated by malware. Existing plugins can be modified to extract different information from the protocols they already parse, to change the programmatic actions performed on the data, or to alter the information the plugin outputs. The Dshell GitHub repository contains the current Python 3 version as well as an archived Python 2 version, available as a tarball. This developer guide applies only to the current version.

Document Details

Document Type
Technical Report
Publication Date
Apr 10, 2023
Accession Number
AD1209992

Entities

People

  • Daniel E. Krych
  • Joshua Edwards

Organizations

  • United States Army Research Laboratory

Tags

Fields of Study

  • Computer science

Readers

  • Computer Science
  • Cybersecurity
  • Distributed Systems and Data Platform Development

Technology Areas

  • Cyber