Networking Basics for Reverse Engineers
Introduction
This article defines network reverse engineering, lists the tools reverse engineers use for it and then covers the networking basics such engineers need. It then illustrates, from an attacker's point of view, how to find a weakness in a network protocol and exploit it, and finally discusses how to mitigate attacks against the identified weakness.
This article is ideal for students and professionals with an interest in security, penetration testing and reverse engineering.
Network reverse engineering
Put simply, network reverse engineering is the art of extracting the network- and application-level protocols used by an application or by a client/server system. To explain the network basics required for reverse engineering, this article focuses on how Wireshark can be used to extract protocol traffic and reconstruct the data it carries.
Required network basics
To perform reverse engineering successfully, engineers need a basic understanding of the Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP), and of how traffic carried by these protocols can be sniffed (eavesdropped) and reconstructed. Specifically, we will set up a lab to capture and extract Real-time Transport Protocol (RTP) data from a Voice over IP (VoIP) network and then reconstruct the original message from the extracted packets.
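As an added example (not code from the original article), the following Python script shows the reconstruction step in miniature, the way a reverse engineer would process UDP payloads exported from a Wireshark capture: it parses the RTP fixed header (RFC 3550, section 5.1), groups packets by SSRC, orders them by sequence number while handling the 16-bit wraparound, drops duplicates, reports lost packets and rejects datagrams that are not RTP. The datagrams it processes are constructed inline for the example; the payload bytes are placeholders standing in for G.711 audio frames, and the function names are the example's own.

```python
"""Added example: parse RTP (RFC 3550) packets and reassemble each stream.
The sample datagrams at the bottom are hand-built for this example, not
taken from a real capture."""
import struct
from dataclasses import dataclass

RTP_VERSION = 2
FIXED_HEADER_LEN = 12


@dataclass
class RtpPacket:
    marker: bool
    payload_type: int
    sequence: int
    timestamp: int
    ssrc: int
    payload: bytes


def parse_rtp(data: bytes) -> RtpPacket:
    """Decode one RTP packet; raise ValueError for anything malformed."""
    if len(data) < FIXED_HEADER_LEN:
        raise ValueError("shorter than the 12-byte fixed header")
    b0, b1, seq, ts, ssrc = struct.unpack("!BBHII", data[:FIXED_HEADER_LEN])
    if b0 >> 6 != RTP_VERSION:
        raise ValueError(f"unexpected RTP version {b0 >> 6}")
    padding, extension, cc = bool(b0 & 0x20), bool(b0 & 0x10), b0 & 0x0F
    offset = FIXED_HEADER_LEN + 4 * cc          # skip the CSRC list
    if extension:                                # skip the header extension
        if len(data) < offset + 4:
            raise ValueError("truncated header extension")
        (ext_words,) = struct.unpack("!H", data[offset + 2:offset + 4])
        offset += 4 + 4 * ext_words
    if offset > len(data):
        raise ValueError("header longer than packet")
    payload = data[offset:]
    if padding:                                  # last byte = padding length
        if not payload or payload[-1] == 0 or payload[-1] > len(payload):
            raise ValueError("invalid padding")
        payload = payload[:-payload[-1]]
    return RtpPacket(bool(b1 & 0x80), b1 & 0x7F, seq, ts, ssrc, payload)


def build_rtp(seq, ts, ssrc, payload, pt=0, marker=False):
    """Minimal RTP packet (no CSRC, extension or padding); used only to
    construct the sample datagrams below."""
    return struct.pack("!BBHII", RTP_VERSION << 6, (0x80 if marker else 0) | pt,
                       seq & 0xFFFF, ts & 0xFFFFFFFF, ssrc) + payload


def stream_start(seqs):
    """The sequence number from which every other one is reachable with the
    smallest forward distance mod 2**16, so a 65535 -> 0 wrap sorts correctly."""
    return min(seqs, key=lambda s: max((q - s) & 0xFFFF for q in seqs))


def reassemble(datagrams):
    """Group RTP packets by SSRC, order by sequence number, drop duplicates.
    Returns ({ssrc: {"payload_type", "payload", "missing"}}, rejected_count)."""
    streams, rejected = {}, 0
    for d in datagrams:
        try:
            pkt = parse_rtp(d)
        except ValueError:
            rejected += 1                        # not RTP (or malformed)
            continue
        streams.setdefault(pkt.ssrc, {}).setdefault(pkt.sequence, pkt)  # first copy wins
    result = {}
    for ssrc, by_seq in streams.items():
        start = stream_start(by_seq)
        span = max((s - start) & 0xFFFF for s in by_seq)
        ordered = sorted(by_seq.values(), key=lambda p: (p.sequence - start) & 0xFFFF)
        missing = [(start + k) & 0xFFFF for k in range(span + 1)
                   if (start + k) & 0xFFFF not in by_seq]
        result[ssrc] = {"payload_type": ordered[0].payload_type,
                        "payload": b"".join(p.payload for p in ordered),
                        "missing": missing}
    return result, rejected


# Constructed sample: stream A (PT 0, G.711 u-law) wraps its sequence counter,
# arrives out of order, loses seq 2 and repeats seq 0; stream B is the other
# direction (PT 8); the last datagram is not RTP at all.
SSRC_A, SSRC_B = 0xDEADBEEF, 0x0BADF00D
SAMPLE_DATAGRAMS = [
    build_rtp(0, 160 * 2, SSRC_A, b"wor"),
    build_rtp(65534, 0, SSRC_A, b"Hel"),
    build_rtp(1, 160 * 3, SSRC_A, b"ld"),
    build_rtp(0, 160 * 2, SSRC_A, b"wor"),            # duplicate of seq 0
    build_rtp(65535, 160, SSRC_A, b"lo "),
    build_rtp(3, 160 * 5, SSRC_A, b"!", marker=True),  # seq 2 was lost
    build_rtp(10, 0, SSRC_B, b"ok", pt=8),
    build_rtp(11, 160, SSRC_B, b"ay", pt=8),
    b"\x00\x01not-rtp",                               # too short, version 0
]

if __name__ == "__main__":
    streams, rejected = reassemble(SAMPLE_DATAGRAMS)
    for ssrc, s in streams.items():
        print(f"SSRC {ssrc:#010x} PT {s['payload_type']}: {s['payload']!r} "
              f"missing={s['missing']}")
    print("non-RTP datagrams:", rejected)
```

Because RTP rides on UDP, nothing below it guarantees ordering or delivery, which is why the reassembly keys on the sequence number rather than on arrival order and why a gap list is worth reporting before the payload is fed to a codec. In a real lab the `SAMPLE_DATAGRAMS` list would be replaced by the UDP payloads of the captured RTP packets.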
TCP and UDP protocols
One key characteristic of TCP is that it is connection-oriented: the endpoints (the transmitting and receiving devices) must set up a connection before any data is transmitted. TCP then delivers the data to the application reliably and in the order in which it was sent. Examples of protocols that run over TCP are HyperText Transfer Protocol (HTTP) on port 80 and Telnet on port 23.
UDP, by contrast, is connectionless: there is no need to set up a connection before data transmission begins. Even though this (Read more...)
This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Richard Azu. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/AyqS3VrG-Cs/