PSML Specification

PSML (Packet Summary Markup Language) is a very simple language that keeps the most important information related to a decoded packet (i.e. the summary view). It is closely related to NetPDL: a NetPDL engine that understands the NetPDL Visualization Extension uses PSML to create a summary view of each packet.

A summary view of a packet is an XML fragment that contains some of the most important information related to the protocols and fields contained in that packet (e.g. the protocol names). The PSML specification defines how to organize this information: a PSML document lists all the packets contained in a capture file, detailing the most important information for each of them.

General structure of a PSML document

The PSML document is delimited by the <psml> and </psml> tags. The <psml> element contains one <structure> element at the beginning, followed by a set of <packet> elements, which contain the decoded packets.

Neither <structure> nor <packet> has attributes. The <psml> element, by contrast, can have the following attributes:

| Attribute | Description |
|---|---|
| version (optional) | The version of the PSML specification. Current version is '0' |
| creator (optional) | The creator of the current PSML file. For instance, any file created by the NetBee library has creator="NetBee". |
| dissectors (optional) | The date (in format dd-mm-yyyy) of the last update of the NetPDL protocol database that was used to create the current PSML file. |

An example PSML document looks like:

  <psml>
    <structure>
      ...
    </structure>
    <packet>
      ...
    </packet>
    <packet>
      ...
    </packet>
    ...
  </psml>

Defining the structure of the summary view

The summary view of a packet is usually made up of several sections; for instance, a common form for the summary view is the following:

| N. | Time | Link Layer | Network | Transport | Application |
|---|---|---|---|---|---|
| 1 | 14:12:22.448 | 0080c7-cb439a ⇒ ffffff-ffffff | | | ARP Request: who has 130.192.16.17 tell 130.192.16.81 |
| 2 | 14:12:22.491 | 00e01e-ec3c84 ⇒ 0080c7-cb439a | | | ARP Reply: 130.192.16.81 is at 00e01e-ec3c84 |
| 3 | 14:12:22.524 | 0080c7-cb439a ⇒ 00e01e-ec3c84 | IP: 130.192.16.81 ⇒ 130.192.16.17 (Len 60) | | ICMP Echo Request |
| 4 | 14:12:22.577 | 00e01e-ec3c84 ⇒ 0080c7-cb439a | IP: 130.192.16.17 ⇒ 130.192.16.81 (Len 60) | | ICMP Echo Reply |

Table 1: example of a summary view of a captured network trace (containing four packets)

Each section is devoted to a particular set of information, for example the network-related information (e.g. the IP source and destination addresses, and more). The structure of the summary view is the list of sections that compose it. This list is kept in the <structure> element, which includes a set of <section> elements, where each <section> defines the characteristics of one section of the summary view. <section> elements have neither child elements nor attributes. An example of a summary structure is the following:

  <structure>
    <section>N.</section> 
    <section>Time</section> 
    <section>Link Layer</section> 
    <section>Network</section> 
    <section>Transport</section> 
    <section>Application</section> 
  </structure>

In this example, the summary view is made up of six sections, whose names are the content of each <section> element. For instance, these names can be used as column names when showing the summary view (such as the column headers in the Table 1 example). Section names are derived from the seven-layer ISO OSI model.

Defining the summary view of each packet

Each <packet> element must contain a number of <section> child elements, whose number is equal to the number of sections defined in the summary structure. For instance, in the example below, each <packet> will have six sections. An example of a packet (e.g. the first packet in the example in Table 1) looks like the following:

  <packet>
    <section>1</section>
    <section>14:12:22.448</section>
    <section>0080c7-cb439a => ffffff-ffffff</section>
    <section></section>
    <section></section>
    <section>ARP Request: who has 130.192.16.17 tell 130.192.16.81</section>
  </packet>

If the packet does not have any information related to a given section, the <section> element must still be present, with empty content. Neither <packet> nor <section> has any attributes.
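The structural rules above (allowed <psml> attributes, bare <structure>, <packet> and <section> elements, and one <section> per column in every packet) can be checked when a PSML file is read from an untrusted source. The following is an added example, not part of the specification or of NetBee; parse_psml and SAMPLE are hypothetical names, and it assumes PSML files carry no DTD.

```python
import xml.etree.ElementTree as ET

PSML_ATTRS = {"version", "creator", "dissectors"}  # attributes the spec lists for <psml>

# Constructed sample: packet 1 of Table 1, then a packet with too few sections.
SAMPLE = """<psml version="0" creator="NetBee">
  <structure>
    <section>N.</section><section>Time</section><section>Link Layer</section>
    <section>Network</section><section>Transport</section><section>Application</section>
  </structure>
  <packet>
    <section>1</section><section>14:12:22.448</section>
    <section>0080c7-cb439a =&gt; ffffff-ffffff</section>
    <section></section><section></section>
    <section>ARP Request: who has 130.192.16.17 tell 130.192.16.81</section>
  </packet>
  <packet><section>2</section><section>14:12:22.491</section></packet>
</psml>"""


def parse_psml(text):
    """Return (columns, rows, errors); raise ValueError if the skeleton is wrong."""
    # Assumption: PSML input carries no DTD, so refuse one outright. This keeps
    # entity-expansion input away from the parser when the file is untrusted.
    if "<!DOCTYPE" in text:
        raise ValueError("DOCTYPE not accepted in PSML input")
    root = ET.fromstring(text)
    children = list(root)
    if root.tag != "psml" or not children or children[0].tag != "structure":
        raise ValueError("expected <psml> with <structure> as first child")
    errors = [f"psml: unknown attribute {a!r}" for a in sorted(set(root.attrib) - PSML_ATTRS)]
    structure = children[0]
    if structure.attrib:
        errors.append("structure: attributes not allowed")
    columns = [(s.text or "").strip() for s in structure]
    rows = []
    for n, pkt in enumerate(children[1:], start=1):
        secs = list(pkt)
        if pkt.tag != "packet":
            errors.append(f"element {n}: unexpected <{pkt.tag}>")
        elif pkt.attrib or any(s.tag != "section" or s.attrib or len(s) for s in secs):
            errors.append(f"packet {n}: only bare <section> children are allowed")
        elif len(secs) != len(columns):
            errors.append(f"packet {n}: {len(secs)} sections, expected {len(columns)}")
        else:
            rows.append(dict(zip(columns, [s.text or "" for s in secs])))
    return columns, rows, errors
```

Packets that break a rule are reported in errors and left out of rows, so a consumer never indexes a short packet by column name.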

Relationship between NetPDL and PSML

The relationship between NetPDL and PSML is rather simple. The summary view originates from the directives contained in the <showsumtemplate> element in the NetPDL visualization extension. For this element to be applied, the packet decoding has to be completed, i.e. Field Visualization Variables must be associated with all NetPDL fields.

The procedure for creating the summary view involves executing the directives present in the <showsumtemplate> NetPDL element and copying the values of the required fields/attributes from the NetPDL engine to the PSML document.

XML Schema Definition

The XML schema definition of the PSML language can be found at the XSD Schema Page.

Language license

The license of the PSML language can be found at the Language License Page.

 
netpdl/psml_specification.txt · Last modified: 2010/03/31 14:53 by fulvio