Cipher Book Review, Issue E142

Attacking Network Protocols
by James Forshaw

No Starch Press 2017.
ISBN 978-1-59327-750-5
336 pp.

Reviewed by Sven Dietrich, Jan. 29, 2018

James Forshaw of Project Zero at Google authored this book. His presentation about the background materials for understanding network protocols makes for an easy read from start to finish.

The book starts off with an introduction to networking basics before going on to how to capture application traffic, understanding network protocol structures, and using advanced concepts to capture traffic. One chapter covers analyzing traffic from the wire using tools such as Wireshark (an entertaining task, from my personal experience). What makes this book exciting and relevant is that it is occasionally interspersed with useful and directly applicable pieces of code (you can even download a ZIP archive with the code pieces from the book website) to support your inner traffic-analysis geek.

Also covered are the topics of reverse engineering applications, looking at network protocol security and its implementation. Then it segues into vulnerabilities, fuzzing, and finding and exploiting bugs (which after all is something many of us cherish). Overall, this is a compact book for the novice in traffic analysis wanting to make a foray into playing with packets and different capture environments, be it scripting, proxies, or more challenging Python code.

There are ten chapters about feeling the network pulse and application analysis (static and dynamic), and topping it off is a network analysis toolkit in the Appendix. Whether you're a pen tester, fuzzer, or a serene developer seeking understanding of what not to do, this book is an excellent beginner's guide.

I hope you will enjoy reading this book as much as I did. James Forshaw is a well-respected security practitioner, has made his share of contributions deserving of bug bounty, and in this book he gives an introduction to the best practices for attacking network protocols.


Sven Dietrich reviews technology and security books for IEEE Cipher. He welcomes your thoughts at spock at ieee dot org