What’s in This Book?
This book contains a mix of theoretical and practical chapters. For the
practical chapters, I’ve developed and made available a networking library
called Canape Core, which you can use to build your own tools for
protocol analysis and exploitation. I’ve also provided an example
networked application called SuperFunkyChat, which implements a userto-user chat protocol. By following the discussions in the chapters, you
can use the example application to learn the skills of protocol analysis and
attack the sample network protocols. Here is a brief breakdown of each
chapter:
Chapter 1: The Basics of Networking
This chapter describes the basics of computer networking with a
particular focus on TCP/IP, which forms the basis of application-level
network protocols. Subsequent chapters assume that you have a good
grasp of the network basics. This chapter also introduces the approach
I use to model application protocols. The model breaks down the
application protocol into flexible layers and abstracts complex
technical detail, allowing you to focus on the bespoke parts of the
protocol you’re analyzing.
Chapter 2: Capturing Application Traffic
This chapter introduces the concepts of passive and active capture of
network traffic, and it’s the first chapter to use the Canape Core
network libraries for practical tasks.
Chapter 3: Network Protocol Structures
Download from finelybook www.finelybook.com
24This chapter contains details of the internal structures that are
common across network protocols, such as the representation of
numbers or human-readable text. When you’re analyzing captured
network traffic, you can use this knowledge to quickly identify
common structures, speeding up your analysis.
Chapter 4: Advanced Application Traffic Capture
This chapter explores a number of more advanced capture techniques
that complement the examples in Chapter 2. The advanced capture
techniques include configuring Network Address Translation to
redirect traffic of interest and spoofing the address resolution
protocol.
Chapter 5: Analysis from the Wire
This chapter introduces methods for analyzing captured network
traffic using the passive and active techniques described in Chapter 2.
In this chapter, we begin using the SuperFunkyChat application to
generate example traffic.
Chapter 6: Application Reverse Engineering
This chapter describes techniques for reverse engineering networkconnected programs. Reverse engineering allows you to analyze a
protocol without needing to capture example traffic. These methods
also help to identify how custom encryption or obfuscation is
implemented so you can better analyze traffic you’ve captured.
Chapter 7: Network Protocol Security
This chapter provides background information on techniques and
cryptographic algorithms used to secure network protocols.
Protecting the contents of network traffic from disclosure or
tampering as it travels over public networks is of the utmost
importance for network protocol security.
Chapter 8: Implementing the Network Protocol
This chapter explains techniques for implementing the application
Download from finelybook www.finelybook.com
25network protocol in your own code so you can test the protocol’s
behavior to find security weaknesses.
Chapter 9: The Root Causes of Vulnerabilities
This chapter describes common security vulnerabilities you’ll
encounter in a network protocol. When you understand the root
causes of vulnerabilities, you can more easily identify them during
analysis.
Chapter 10: Finding and Exploiting Security Vulnerabilities
This chapter describes processes for finding security vulnerabilities
based on the root causes in Chapter 9 and demonstrates a number of
ways of exploiting them, including developing your own shell code
and bypassing exploit mitigations through return-oriented
programming.
Appendix: Network Protocol Analysis Toolkit
In the appendix, you’ll find descriptions of some of the tools I
commonly use when performing network protocol analysis. Many of
the tools are described briefly in the main body of the text as well.
How to Use This Book
If you want to start with a refresher on the basics of networking, read
Chapter 1 first. When you’re familiar with the basics, proceed to
Chapters 2, 3, and 5 for practical experience in capturing network traffic
and learning the network protocol analysis process.
With the knowledge of the principles of network traffic capture and
analysis, you can then move on to Chapters 7 through 10 for practical
information on how to find and exploit security vulnerabilities in these
protocols. Chapters 4 and 6 contain more advanced information about
additional capture techniques and application reverse engineering, so you
can read them after you’ve read the other chapters if you prefer.
For the practical examples, you’ll need to install .NET Core
Download from finelybook www.finelybook.com
26(https://www.microsoft.com/net/core/), which is a cross-platform version of
the .NET runtime from Microsoft that works on Windows, Linux, and
macOS. You can then download releases for Canape Core from
https://github.com/tyranid/CANAPE.Core/releases/ and SuperFunkyChat
from https://github.com/tyranid/ExampleChatApplication/releases/; both use
.NET Core as the runtime. Links to each site are available with the
book’s resources at https://www.nostarch.com/networkprotocols/.
To execute the example Canape Core scripts, you’ll need to use the
CANAPE.Cli application, which will be in the release package
downloaded from the Canape Core Github repository. Execute the script
with the following command line, replacing script.csx with the name of
the script you want to execute.
1