Attacking Network Protocols Review

Chapters 1 and 2 go over basic networking concepts and various ways to capture traffic. The author goes into pretty deep detail about everything. Chapter two focuses on MITM proxies, SOCKS proxies, HTTP/reverse HTTP proxies, etc. Great read for those new to offensive and defensive security, and a good refresher for those of us that are not so new. The author uses a C# library he created called Canape, which I found annoying since not everyone is a software dev in high-level languages, and he could have easily used Scapy, which "hackers", as the title implies, are more familiar with.

Attacking Networking Protocols

Chapter 3 throws you into the deep end right away, breaking various protocols and standards down into their binary representation and explaining how various compilers and operating systems represent that binary. It's a metric fuck ton of detailed information. If you understand hex, binary, least significant bit, most significant bit, little endian, big endian, and signed and unsigned integers you'll be able to follow along; otherwise you'll likely get lost along the way. It's a chapter that you need to read multiple times to really comprehend. I know some of these words.

Chapter 4 talks mainly about masquerading techniques, DHCP and ARP poisoning. For the most part this should be a refresher for most readers, but great information no less, especially if you're unfamiliar with how to set up Linux as a router using NAT to play MITM. The author goes over specific commands and how to revert them, and gives images to illustrate his point showing how the MITM attack might look, using tools like Ettercap to spoof DHCP and/or ARP. These techniques are not new or innovative, but they do set a foundation for the next chapter.

Chapter 5 walks you through capturing packets from a messaging application the author wrote and breaking them down to find out the exact protocols it's using. The author starts simply with basic Wireshark techniques such as following a TCP stream, but quickly jumps into offsets, hex, and really nailing down what protocols are being used and when. While not super technical or detailed, I feel chapter 5 does a good job of breaking packets down, explaining what things in a TCP stream mean, and showing how to break them down further. It actually taught me something. As most packets are not straight plain text, the author goes into the binary in the packet, explaining what the offsets are, how many bytes each field takes and what those bytes might be, and building dissectors in both Python and Lua script for a Wireshark plugin.
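To make the offsets/endianness/signedness discussion from chapters 3 and 5 concrete, here is an added Python dissector for a small binary protocol I made up for this review (it is not the book's messaging protocol or its Canape code). It assumes a hypothetical layout with a big-endian length field and a little-endian signed sequence number, and it handles the case a real Wireshark dissector must handle: a TCP stream whose last message is still incomplete.

```python
import struct
from dataclasses import dataclass

# Hypothetical message layout, constructed for this example (not the book's protocol):
#   offset 0, 4 bytes: total length incl. header, unsigned big-endian (network order)
#   offset 4, 1 byte : message type, unsigned
#   offset 5, 2 bytes: sequence number, SIGNED LITTLE-endian (a naive ">h" read
#                      would return the wrong value, e.g. 513 instead of 258)
#   offset 7, 1 byte : flags
#   offset 8 onward  : payload, (length - 8) bytes
HEADER = struct.Struct(">IB")   # length + type, big-endian
SEQ = struct.Struct("<h")       # signed little-endian sequence number
HEADER_LEN = 8

@dataclass
class Message:
    msg_type: int
    seq: int
    flags: int
    payload: bytes

def dissect_stream(buf: bytes):
    """Split a reassembled TCP stream into messages.
    Returns (messages, leftover): leftover is a trailing partial message that must
    wait for more data, so a truncated packet is never parsed as a short message."""
    msgs, off = [], 0
    while len(buf) - off >= HEADER_LEN:
        length, msg_type = HEADER.unpack_from(buf, off)
        if length < HEADER_LEN:  # length cannot be smaller than the header itself
            raise ValueError(f"bad length {length} at offset {off}")
        if len(buf) - off < length:
            break                # incomplete message: stop and keep the remainder
        (seq,) = SEQ.unpack_from(buf, off + 5)
        flags = buf[off + 7]
        payload = buf[off + HEADER_LEN:off + length]
        msgs.append(Message(msg_type, seq, flags, payload))
        off += length
    return msgs, buf[off:]

def build(msg_type: int, seq: int, flags: int, payload: bytes) -> bytes:
    """Encode one message in the same hypothetical layout (used to construct samples)."""
    return HEADER.pack(HEADER_LEN + len(payload), msg_type) + SEQ.pack(seq) \
        + bytes([flags]) + payload

# Constructed sample stream: two complete messages followed by a truncated third one.
SAMPLE = build(1, -1, 0x80, b"hello") + build(2, 258, 0, b"") + build(1, 7, 0, b"truncated")[:-3]

if __name__ == "__main__":
    parsed, rest = dissect_stream(SAMPLE)
    print(parsed, rest.hex())
```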

Chapters 6 - 10 I haven't quite gotten to yet; however, I felt 5 chapters was enough to write a review based on what I've read so far.

Conclusion

This book is great! If you're unfamiliar with network concepts, how to break down packets to find out what protocols they're using, and how to exploit their weaknesses, this book is for you! I've learned a bunch from it after only a couple of chapters. Very well written, and the flow is great from one chapter to the next, building on concepts you learned in the previous chapters. It has a ton of examples for everything. I was annoyed with the author's own C# library, but even so he breaks down each part of the library for what he's teaching at that point, so if you have some background in programming you should understand it well enough. I wish he had used Python instead, though. I've learned something new from each chapter, even when I was already very familiar with the subject being taught. The More You Know

I recommend this book for pentesters, red teamers, network engineers, software engineers, security analysts, blue teamers and anyone interested in exploiting systems. It has something for everyone while still focusing on its main objective of exploiting network protocols. If you've never gotten into manipulating network traffic, you're going to learn a ton!

At the time of writing this there was one review on Amazon. The review is also well written and nails it:

I know quite a bit capturing and manipulating network traffic, but I never really learned how to do interception via mechanisms like ARP poisoning, etc– this book has succinct coverage of many such techniques. It covers interception across all major platforms (Windows, Mac, Linux) and introduces the open-source Canape interception toolkit which makes many tasks simple. Beyond the “how” of using tools, the book covers practical techniques for exploring and exploiting network protocols in the real world.

Getting the pacing/depth right for a broad technical book like this one is challenging, but I think this book really hits the sweet spot– it is detailed enough to point in interesting directions and get the reader started with tools and techniques without burying them under an overwhelming level of detail.

Highly recommended.
