[Dailydave] Unknown Application Protocol Analysis

Dustin D. Trammell dtrammell at tippingpoint.com
Wed Sep 6 20:49:16 EST 2006


On Wed, 2006-09-06 at 22:59 +0800, Rhys Kidd wrote:
> I've had a look at:
> [1] http://research.microsoft.com/workshops/sysml/papers/sysml-Gopalratnam.pdf
> [2] http://www.ub.utwente.nl/webdocs/ctit/1/000000ef.pdf
> 
> But can't seem to find any public code that has attempted to solve the same
> problem.
> Has anyone else thought about this, or know of code I should look at?

Jeremy Rauch presented at the most recent BlackHat on protocol reversing
which introduced a tool called the Protocol DeBugger (PDB).  If I recall
it has some similar protocol analysis features to what you describe.
You can find the slides here:

http://www.matasano.com/tools/pdb/bh06-PDB.pdf (or)
http://www.blackhat.com/presentations/bh-usa-06/BH-US-06-Rauch.pdf

And the tool here:

http://www.matasano.com/tools/pdb/pdb-0.0.1.bleeding-edge.tar.gz

I seem to also remember coming across a tool with a similar function and
similar name prior to heading out to BlackHat, but its name escapes me
now.  Anyone else know what I'm thinking of?

-- 
Dustin D. Trammell
VoIP Security Research
TippingPoint, a division of 3Com