Intro; Brief Contents; Contents in Detail; Foreword; Acknowledgments; Introduction; Why Read This Book?; What's in This Book?; How to Use This Book; Contact Me

Chapter 1: The Basics of Networking; Network Architecture and Protocols; The Internet Protocol Suite; Data Encapsulation; Headers, Footers, and Addresses; Data Transmission; Network Routing; My Model for Network Protocol Analysis; Final Words

Chapter 2: Capturing Application Traffic; Passive Network Traffic Capture; Quick Primer for Wireshark; Alternative Passive Capture Techniques; System Call Tracing; The strace Utility on Linux; Monitoring Network Connections with DTrace; Process Monitor on Windows; Advantages and Disadvantages of Passive Capture; Active Network Traffic Capture; Network Proxies; Port-Forwarding Proxy; SOCKS Proxy; HTTP Proxies; Forwarding an HTTP Proxy; Reverse HTTP Proxy; So Which Approach Should You Use?

Chapter 3: Network Protocol Structures; Binary Protocol Structures; Numeric Data; Booleans; Bit Flags; Binary Endian; Strings; Variable Binary Length Data; Dates and Times; POSIX/Unix Time; Windows FILETIME; Tag, Length, Value Pattern; Multiplexing and Fragmentation; Network Address Information; Structured Binary Formats; Text Protocol Structures; Numeric Data; Text Booleans; Dates and Times; Variable-Length Data; Structured Text Formats; Encoding Binary Data; Hex Encoding; Base64; Final Words

Chapter 4: Advanced Application Traffic Capture; Rerouting Traffic; Using Traceroute; Routing Tables; Configuring a Router; Enabling Routing on Windows; Enabling Routing on *nix; Network Address Translation; Enabling SNAT; Configuring SNAT on Linux; Enabling DNAT; Forwarding Traffic to a Gateway; DHCP Spoofing; ARP Poisoning; Final Words

Chapter 5: Analysis from the Wire; The Traffic-Producing Application: SuperFunkyChat; Starting the Server; Starting Clients; Communicating Between Clients; A Crash Course in Analysis with Wireshark; Generating Network Traffic and Capturing Packets; Basic Analysis; Reading the Contents of a TCP Session; Identifying Packet Structure with Hex Dump; Viewing Individual Packets; Determining the Protocol Structure; Testing Our Assumptions; Dissecting the Protocol with Python; Developing Wireshark Dissectors in Lua; Creating the Dissector; The Lua Dissection; Parsing a Message Packet; Using a Proxy to Actively Analyze Traffic; Setting Up the Proxy; Protocol Analysis Using a Proxy; Adding Basic Protocol Parsing; Changing Protocol Behavior; Final Words

Chapter 6: Application Reverse Engineering; Compilers, Interpreters, and Assemblers; Interpreted Languages; Compiled Languages; Static vs. Dynamic Linking; The x86 Architecture; The Instruction Set Architecture; CPU Registers; Program Flow; Operating System Basics; Executable File Formats; Sections; Processes and Threads; Operating System Networking Interface; Application Binary Interface; Static Reverse Engineering; A Quick Guide to Using IDA Pro Free Edition.