Discover a Legacy Protocol
Capture network traffic from any legacy system and use the AI discovery pipeline to reverse-engineer its protocol structure, field boundaries, and state machine.
Prerequisites
- Docker and Docker Compose installed on your machine
- Python 3.11 or later (for the CLI)
- A legacy system or service producing network traffic (or use our sample PCAP files)
Install QBITEL Bridge
Start by cloning the repository and launching the platform with Docker Compose. This brings up the AI engine, the data plane, and the management API.
# Clone the repository
git clone https://github.com/yazhsab/qbitel-bridge.git
cd qbitel-bridge
# Start all services
docker compose -f ai_engine/deployment/docker/docker-compose.yml up -d
# Verify all containers are running
docker compose -f ai_engine/deployment/docker/docker-compose.yml ps
You should see the ai-engine, dataplane, and timescaledb containers in a healthy state.
Capture Network Traffic
Point the data plane at your legacy system's network interface. The Rust-based capture engine processes packets at wire speed using DPDK-accelerated I/O.
# Option A: Live capture from an interface
curl -X POST http://localhost:8000/api/v1/capture/start \
  -H "Content-Type: application/json" \
  -d '{
    "interface": "eth0",
    "filter": "host 10.0.1.50 and port 9100",
    "duration_seconds": 300
  }'
# Option B: Import an existing PCAP file
curl -X POST http://localhost:8000/api/v1/capture/import \
  -F "file=@/path/to/legacy_traffic.pcap"
Tip: For best results, capture at least 5 minutes of traffic that includes multiple message types. The discovery engine needs variety to identify patterns, field boundaries, and state transitions.
Run the Discovery Pipeline
Trigger the AI-powered protocol discovery pipeline. This runs a multi-stage analysis: statistical pattern extraction, probabilistic context-free grammar inference, neural field detection, and state machine reconstruction.
# Start protocol discovery on the captured session
curl -X POST http://localhost:8000/api/v1/discover \
  -H "Content-Type: application/json" \
  -d '{
    "packet_data": [""],
    "metadata": {
      "source": "pcap_import",
      "capture_id": "cap_abc123",
      "confidence_threshold": 0.75
    }
  }'
The pipeline typically completes in 30-120 seconds depending on the volume of captured traffic. You can monitor progress in real time:
# Check discovery status
curl http://localhost:8000/health
View Results
Once the pipeline finishes, you get a full protocol specification including identified message types, field layouts with inferred data types, and the protocol state machine.
# Retrieve the discovered protocol specification
curl http://localhost:8000/api/v1/discover | jq
# Example output (abbreviated)
{
  "protocol_name": "LEGACY-9100",
  "confidence": 0.94,
  "message_types": [
    {
      "name": "HANDSHAKE_INIT",
      "fields": [
        { "name": "magic", "type": "uint32", "offset": 0, "value": "0x4C454731" },
        { "name": "version", "type": "uint16", "offset": 4 },
        { "name": "session_id", "type": "bytes", "offset": 6, "length": 16 },
        { "name": "payload_length", "type": "uint32", "offset": 22 }
      ]
    },
    {
      "name": "DATA_TRANSFER",
      "fields": [ "..." ]
    }
  ],
  "state_machine": {
    "initial_state": "IDLE",
    "transitions": [
      { "from": "IDLE", "to": "HANDSHAKING", "trigger": "HANDSHAKE_INIT" },
      { "from": "HANDSHAKING", "to": "ACTIVE", "trigger": "HANDSHAKE_ACK" },
      { "from": "ACTIVE", "to": "IDLE", "trigger": "DISCONNECT" }
    ]
  }
}
Explore in the Console
Open the QBITEL Console at http://localhost:3000 to see a visual representation of the discovered protocol. The console provides an interactive state machine diagram, a field-level message inspector, and an AI copilot that can explain what each message type does.
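The field offsets and transitions in the example output above can also be checked outside the console before you trust an inferred specification. The following Python sketch is an added example, not QBITEL Bridge code: it decodes a constructed HANDSHAKE_INIT frame against that layout, rejecting truncated frames and a wrong magic value, and replays message types through the state machine. It assumes big-endian integers, since the output does not state byte order.

```python
import struct

# Spec fragment copied from the example output above (HANDSHAKE_INIT only).
SPEC = {
    "name": "HANDSHAKE_INIT",
    "fields": [
        {"name": "magic", "type": "uint32", "offset": 0, "value": "0x4C454731"},
        {"name": "version", "type": "uint16", "offset": 4},
        {"name": "session_id", "type": "bytes", "offset": 6, "length": 16},
        {"name": "payload_length", "type": "uint32", "offset": 22},
    ],
}
TRANSITIONS = [  # (from, to, trigger), as listed in the example output
    ("IDLE", "HANDSHAKING", "HANDSHAKE_INIT"),
    ("HANDSHAKING", "ACTIVE", "HANDSHAKE_ACK"),
    ("ACTIVE", "IDLE", "DISCONNECT"),
]
# Assumption: network byte order; the spec output does not state endianness.
INT_FORMATS = {"uint16": ">H", "uint32": ">I"}

def parse_message(spec, data):
    """Decode data per spec; raise ValueError on truncation or magic mismatch."""
    out = {}
    for f in spec["fields"]:
        fmt = INT_FORMATS.get(f["type"])
        size = struct.calcsize(fmt) if fmt else f["length"]
        end = f["offset"] + size
        if end > len(data):
            raise ValueError(f"truncated before field {f['name']}")
        raw = data[f["offset"]:end]
        value = struct.unpack(fmt, raw)[0] if fmt else raw
        if "value" in f and value != int(f["value"], 16):
            raise ValueError(f"{f['name']} mismatch: {value:#x}")
        out[f["name"]] = value
    return out

def walk(triggers, state="IDLE"):
    """Replay message types through the state machine; reject undefined moves."""
    table = {(src, trig): dst for src, dst, trig in TRANSITIONS}
    for trig in triggers:
        if (state, trig) not in table:
            raise ValueError(f"{trig} not allowed in state {state}")
        state = table[(state, trig)]
    return state

# Constructed sample frame (not captured traffic): magic, version 2,
# 16-byte session id, payload_length 64.
SAMPLE = bytes.fromhex("4c454731" "0002") + bytes(range(16)) + (64).to_bytes(4, "big")
```

Frames that fail to parse or sequences that `walk` rejects are worth comparing against the capture: they indicate either a wrong inference or traffic the capture did not cover.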
What's next? Now that you have a protocol specification, you can generate a modern API adapter using Translation Studio, or secure it with post-quantum encryption.