2009 Blog Rewind: Protocol Reverse Engineering

As we take a look back at 2009 our next two posts were read tens of thousands of times, both talking about protocol reverse engineering. The first post, written by Dustin D. Trammell, took a look at "Automated Protocol Reverse Engineering":

In my research into this discipline I have come across a number of techniques for automating the task of protocol reverse engineering. No one solution offers a 'silver bullet' that magically produces a protocol specification of an unknown protocol, but various automated techniques combined with manual processes can come rather close to this lofty goal if employed against a large data set of protocol traffic and with an appropriate amount of pre-processing of that data set.

Read the full post on Automated Protocol Reverse Engineering.

Following up on Dustin's post, Tod Beardsley wrote about Manual Protocol Reverse Engineering just a week later:

Accurate, rapid analysis of proprietary binary protocols is pretty hard, requiring a familiarity in usual socket programming practices, a determined patience, and a whole lot of note-taking. Closed binary protocols are rarely as simple as ICMP ping, they often have no real documentation, and the people who do know how they work usually keep their mouths shut.

Read the full post on Manual Protocol Reverse Engineering.