Dailydave mailing list archives
Re: Unknown Application Protocol Analysis
From: "Dustin D. Trammell" <dtrammell () tippingpoint com>
Date: Wed, 06 Sep 2006 20:49:16 -0500
On Wed, 2006-09-06 at 22:59 +0800, Rhys Kidd wrote:
I've had a look at: [1] http://research.microsoft.com/workshops/sysml/papers/sysml-Gopalratnam.pdf [2] http://www.ub.utwente.nl/webdocs/ctit/1/000000ef.pdf But can't seem to find any public code that has attempted to solve the same problem. Has anyone else thought about this, or know of code I should look at?
Jeremy Rauch presented at the most recent BlackHat on protocol reversing which introduced a tool called the Protocol DeBugger (PDB). If I recall it has some similar protocol analysis features to what you describe. You can find the slides here: http://www.matasano.com/tools/pdb/bh06-PDB.pdf (or) http://www.blackhat.com/presentations/bh-usa-06/BH-US-06-Rauch.pdf And the tool here: http://www.matasano.com/tools/pdb/pdb-0.0.1.bleeding-edge.tar.gz I seem to also remember coming across a tool with a similar function and similar name prior to heading out to BlackHat, but it's name escapes me now. Anyone else know what I'm thinking of? -- Dustin D. Trammell VoIP Security Research TippingPoint, a division of 3Com
Attachment:
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Unknown Application Protocol Analysis Rhys Kidd (Sep 06)
- Re: Unknown Application Protocol Analysis Matt Beaumont (Sep 06)
- Re: Unknown Application Protocol Analysis Dustin D. Trammell (Sep 06)
- Re: Unknown Application Protocol Analysis William McVey (Sep 06)
- Re: Unknown Application Protocol Analysis Jared DeMott (Sep 07)