Matasano Chargen: Exploring Protocols 2: Writing some tools

  • Jeremiah Blatz · 2 years ago
    Damn right it shouldn't've! I thought I was waiting for part 2 for a while, but in fact I was waiting for part 3! Anyway, a very good write-up (kind words), I'm looking forward to part 3 (gentle nudge).
  • moyix · 2 years ago
    It looks like you're more of a ruby guy, but I don't think any discussion of protocol dissection would be complete without mentioning the excellent python-based capture and dissection library scapy. Aside from a decent number of dissectors already included, it's really easy to add new protocols, and the framework gives you basic fuzzing and the ability to replay packets out onto the network.

    Also, for general binary-parsing goodness in python, Construct is pretty sweet.
  • Didier Stevens · 2 years ago
    These are interesting tools, didn't know Construct, looks promising.

    If you look for a binary-parsing tool with a GUI on Windows, I've a blogpost where I show how I analyze a malformed WMF file with it. Won't name the tool here, because it's commercial. And I'm not linked with the company, not even as a customer.
  • Eric Monti · 2 years ago
    I've looked at Construct too. Definitely nice stuff. It was actually 'sandro' who brought it to my attention in a comment to Exploring Protocols 1.

    Like a lot of areas, this is one where Ruby is nowhere near as mature as Python yet. And for the record, I'm only a "ruby guy" for the moment :)

    Maybe it's a phase or something.
  • raga · 2 years ago
    In the very first part of this series, you mentioned tools from blackbag. Has there been an updated release since, like 0.9? Are you still maintaining and distributing it?
    thanks for the helpful articles...