The best part of plaintext protocols is that you can test them with a tool like netcat, without writing a single line of code. When the client sends the HI command, the server responds with its version. That means instead of binary data, it uses text. (Follow TCP Stream dialog screenshot) Understanding The Protocol - The HI Commandīy just looking at the data, we can tell that it's a plaintext protocol. If we found the right stream, we should see the data and we can start decoding the protocol. If we right click the connection and do "Follow TCP Stream". It was connecting to (a Turkish ISP, which makes sense since I'm in Turkey).Īfter finding the connection, we can see that it uses port 8080, which is called http-alt in Wireshark. Then I will start checking Wireshark for possible connections.īy trial and error, I found the connection in Wireshark. This allows us to find and view any connection made from our machine.Īfter getting Wireshark ready I will go to and start a speed test. Finding the TCP stream in Wiresharkįirst of all lets open Wireshark and start sniffing. A few days ago I wrapped up a simple blogging script in Python so hopefully it works good enough to explain how everything works.īy now I have already figured out the whole protocol for performing a speed test but I will write all the steps that I took so you can learn how to reverse engineer a simple protocol. Author: Gökberk Yaltıraklı Reverse Engineering the ProtocolĪfter finishing my command line speed tester written in Rust, I didn't have a proper blog to document this process.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |