Dailydave mailing list archives

Re: Unknown Application Protocol Analysis


From: "Dustin D. Trammell" <dtrammell () tippingpoint com>
Date: Wed, 06 Sep 2006 20:49:16 -0500

On Wed, 2006-09-06 at 22:59 +0800, Rhys Kidd wrote:
> I've had a look at:
> [1] http://research.microsoft.com/workshops/sysml/papers/sysml-Gopalratnam.pdf
> [2] http://www.ub.utwente.nl/webdocs/ctit/1/000000ef.pdf
>
> But can't seem to find any public code that has attempted to solve the same
> problem.
> Has anyone else thought about this, or know of code I should look at?

Jeremy Rauch presented at the most recent BlackHat on protocol reversing
which introduced a tool called the Protocol DeBugger (PDB).  If I recall
it has some similar protocol analysis features to what you describe.
You can find the slides here:

http://www.matasano.com/tools/pdb/bh06-PDB.pdf (or)
http://www.blackhat.com/presentations/bh-usa-06/BH-US-06-Rauch.pdf

And the tool here:

http://www.matasano.com/tools/pdb/pdb-0.0.1.bleeding-edge.tar.gz

I seem to also remember coming across a tool with a similar function and
similar name prior to heading out to BlackHat, but its name escapes me
now.  Anyone else know what I'm thinking of?

-- 
Dustin D. Trammell
VoIP Security Research
TippingPoint, a division of 3Com

