I'm new to Wireshark, and I'd like to learn how to use it properly. I'm going to use Wireshark to reverse-engineer the communication protocols of applications, and I'd like to see an applied sample of how to do this. I've tried to use Wireshark to reverse-engineer the communication between the Zynga Poker client and the server, and I ran into a problem: how can I know which packets belong to which application? Also, can anyone recommend/write a tutorial which concerns itself with reverse-engineering protocols?
asked 26 May '12, 01:01 menkaur edited 26 May '12, 01:01
One Answer:
There are several ways to start:
Reverse engineering a network protocol requires a lot of experience with other network protocols and with client-server architectures in general. You won't learn that in a simple tutorial. So, there is only the hard way, by analyzing the traffic and observing the action/reaction of the client/server. If the protocol is unknown to Wireshark it will only show the network traffic in hex, and you need to figure out if there are any recurring patterns. You can do that manually, or you can use some advanced techniques. Have a look at this video tutorial: "DEFCON 13: Reverse Engineering Network Protocols using Bioinformatics"
Regards
answered 26 May '12, 09:20 Kurt Knochner ♦ edited 27 May '12, 13:28
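One way to do the "look for recurring patterns in the hex" step programmatically, as an added example that is not part of the thread or of Wireshark itself: the script below takes a handful of captured payloads and infers which byte offsets are constant across all messages (magic/header candidates) and which offset, width and byte order behave like a length field. The payloads, the protocol layout they follow and all function names are constructed assumptions for illustration, not real game traffic. To get real input, isolate the application's connection first (the OS socket table, e.g. `ss -tnp` on Linux or `netstat -b` on Windows, tells you which process owns which local port; a display filter such as `tcp.port == <that port>` then narrows Wireshark to it), then use Follow TCP Stream and save the stream as raw bytes.

```python
"""Infer constant header bytes and a length field from captured payloads
of an unknown binary protocol.  Added example, not from the thread."""
from typing import Dict, List, Tuple

# Constructed sample payloads (hypothetical protocol, not real game traffic):
# 2-byte magic "ZP", 1-byte message type, 2-byte big-endian body length, body.
# The analysis below does not know this layout; it has to rediscover it.
SAMPLE_MESSAGES: List[bytes] = [
    bytes.fromhex("5a50 01 0005") + b"hello",
    bytes.fromhex("5a50 02 0003") + b"abc",
    bytes.fromhex("5a50 01 0008") + b"deadbeef",
    bytes.fromhex("5a50 03 0000"),               # empty body
    bytes.fromhex("5a50 01 012c") + b"A" * 300,  # long body: high length byte set
]

Candidate = Tuple[int, int, str, int]  # (offset, width, byteorder, header_len)


def hexdump(msg: bytes, width: int = 16) -> str:
    """Wireshark-style hex pane: offset, hex bytes, printable ASCII."""
    lines = []
    for i in range(0, len(msg), width):
        chunk = msg[i:i + width]
        hexpart = " ".join(f"{b:02x}" for b in chunk)
        text = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        lines.append(f"{i:04x}  {hexpart:<{width * 3}} {text}")
    return "\n".join(lines)


def constant_positions(messages: List[bytes]) -> Dict[int, int]:
    """Offsets whose byte value is identical in every message.

    These are candidates for a magic/version field.  Only offsets present in
    the shortest message are considered.  A field that merely happens to be
    the same in every sample (e.g. the high byte of a small length) also
    shows up here, so more diverse captures shrink this set."""
    shortest = min(len(m) for m in messages)
    return {
        off: messages[0][off]
        for off in range(shortest)
        if all(m[off] == messages[0][off] for m in messages)
    }


def find_length_fields(messages: List[bytes],
                       widths: Tuple[int, ...] = (1, 2, 4)) -> List[Candidate]:
    """Candidates for which int(field) == len(message) - header_len holds
    for every message with one constant header_len.  With samples of
    sufficiently varied length only the real length field survives."""
    shortest = min(len(m) for m in messages)
    found: List[Candidate] = []
    for width in widths:
        for off in range(0, shortest - width + 1):
            for order in ("big", "little"):
                diffs = {
                    len(m) - int.from_bytes(m[off:off + width], order)
                    for m in messages
                }
                if len(diffs) == 1:
                    header_len = diffs.pop()
                    if header_len >= 0:
                        found.append((off, width, order, header_len))
    return found


def split_message(msg: bytes, cand: Candidate) -> Tuple[bytes, bytes, bytes]:
    """Split one message into (header, body, trailing) using an inferred
    length-field candidate.  Non-empty trailing bytes mean the guess is
    wrong or the payload holds more than one message."""
    off, width, order, header_len = cand
    body_len = int.from_bytes(msg[off:off + width], order)
    header = msg[:header_len]
    body = msg[header_len:header_len + body_len]
    trailing = msg[header_len + body_len:]
    return header, body, trailing


if __name__ == "__main__":
    print(hexdump(SAMPLE_MESSAGES[0]))
    consts = constant_positions(SAMPLE_MESSAGES)
    print("constant offsets:", {k: f"{v:02x}" for k, v in consts.items()})
    for cand in find_length_fields(SAMPLE_MESSAGES):
        print("length field candidate:", cand)
        for m in SAMPLE_MESSAGES:
            print("  ", split_message(m, cand))
```

The fifth sample (a 300-byte body) is what disambiguates the length field: without it, the single byte at offset 4 and the high byte at offset 3 look constant or length-like too. That is the general lesson behind the answer above: keep collecting messages of different types and sizes until only one consistent layout remains.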